The new default "EXCLUDED_FILE_PATTERN" is too restrictive for our
application. For example, we consider files with "&" valid. That said,
are we able to override the excluded file pattern in some way (e.g.
struts properties)?
private static final String EXCLUDED_FILE_PATTERN =
"^(.*[<>&\"'|;\\\\/?*:]+.*|.*\\.\\..*)$";
Thanks,
Burton
------ Original Message ------
From "Lukasz Lenart" <lukaszlen...@apache.org>
To "Struts Developers List" <dev@struts.apache.org>
Date 2/9/2025 11:50:30 AM
Subject Re: file upload name filtering
Could you create a JIRA ticket to address this?
niedz., 9 lut 2025 o 10:51 Greg Huber <gregh3...@gmail.com> napisał(a):
..v6 to escape and warn would be good, and should reduce downstream
complaints as they might not notice it😉.
arthu€r.jpg
long filenames to try and find the offending char
af517d82-8583-11eb-a3d0-06b4694bee2a_2Fmedia-manager_2F1738545771934-House_20&_20Home_20-_20HI-RES.png
On 09/02/2025 09:27, Lukasz Lenart wrote:
> niedz., 9 lut 2025 o 10:20 Greg Huber<gregh3...@gmail.com> napisał(a):
>> Still using v6 at the moment, but I think v7 (dev box) is the same?
> The same in functionality, but harder to refactor some things. I made
> a few changes in the logic used in v7 and it's hard to port them back
> into v6.
> Anyway, I will take a look to make it happen in v6 and build a better
> solution in v7
>
>
> Cheers
> Łukasz
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org
> For additional commands, e-mail:dev-h...@struts.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
