tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ole Ersoy <ole.er...@gmail.com>
Subject Re: Servlet 3.0 File Upload
Date Mon, 05 Sep 2011 16:53:33 GMT
Thank you for the advice.  I'll stick to hard coded file locations and names :).

Thanks again,
- Ole

On 09/05/2011 03:22 AM, André Warnier wrote:
> This must be about the worst advice I have ever seen.
> What about someone typing e.g. "/etc/passwd" in that text box?
>
> If you allow people to upload files to your server, you should create
> your own location and naming scheme for the uploaded files. You should
> not even use the original filename, unless you are dying to experience
> all the silly things that people can think of in terms of filenames
> (with spaces in them, or characters that are valid on one platform but
> not another, or characters in various character sets and so on.)
>
>
> Jonathan Soons wrote:
>> You need to add a line in in your form:
>> <input type="text" name="filename" />
>>
>> Then in your servlet GetPost() method you put this filename in a
>> variable:
>> String filename;
>> filename = req.getParameter("filename");
>>
>> Then instead of part.write("samplefile");
>> do:
>> part.write(filename);
>>
>> Jonathan Soons
>> ________________________________________
>> From: Ole Ersoy [ole.ersoy@gmail.com]
>> Sent: Friday, September 02, 2011 6:50 PM
>> To: Tomcat Users List
>> Subject: Servlet 3.0 File Upload
>>
>> Hi,
>>
>> I have a working file upload servlet, with the exception that it calls
>> the uploaded file "samplefile" instead of using the name of the file.
>> So if I upload different files, they all overwrite each other. Any
>> ideas on how to fix this? I used this tutorial to get it working:
>>
>> http://www.servletworld.com/servlet-tutorials/servlet3/multipartconfig-file-upload-example.html
>>
>>
>> TIA,
>> - Ole
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message