Author: jochen
Date: Tue Jul 13 09:12:53 2010
New Revision: 963625
URL: http://svn.apache.org/viewvc?rev=963625&view=rev
Log:
Rewrote comment, due to user feedback.
Modified:
commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
Modified:
commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
URL:
http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java?rev=963625&r1=963624&r2=963625&view=diff
==============================================================================
---
commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
(original)
+++
commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/InvalidFileNameException.java
Tue Jul 13 09:12:53 2010
@@ -21,11 +21,11 @@ package org.apache.commons.fileupload;
* This exception is thrown in case of an invalid file name.
* A file name is invalid, if it contains a NUL character.
* Attackers might use this to circumvent security checks:
- * For example, the user might check, whether the file name
- * is "foo.exe\0.png". This file name might pass security
- * checks. OTOH, depending on the underlying C library, it
- * might create a file named "foo.exe", as the NUL character
- * is the string terminator in C.
+ * For example, a malicious user might upload a file with the name
+ * "foo.exe\0.png". This file name might pass security checks (i.e.
+ * checks for the extension ".png"), while, depending on the underlying
+ * C library, it might create a file named "foo.exe", as the NUL
+ * character is the string terminator in C.
*/
public class InvalidFileNameException extends RuntimeException {
private static final long serialVersionUID = 7922042602454350470L;
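Review bot: In the added Javadoc, "(i.e. checks for the extension ".png")" uses "i.e." where "e.g." is meant, because an extension check is only one example of a check that an embedded NUL can defeat. I would change that line to `* "foo.exe\0.png". This file name might pass security checks (e.g.`. The comment also explains the risk without saying what a caller catching this exception should do. If it matches the intended contract, a closing sentence such as `* Callers should reject the upload rather than strip the NUL and reuse the name.` would make the safe handling explicit. The class body continues outside the hunk, so I cannot tell whether the exception exposes the offending name; if it does, the Javadoc should say that the value is untrusted.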