Hm... looks like I must re-think this approach, thanks all for reporting this issue!
pon., 10 lut 2025 o 18:30 Burton Rhodes <burtonrho...@gmail.com> napisał(a): > > The new default "EXCLUDED_FILE_PATTERN" is too restrictive for our > application. For example, we consider files with "&" valid. That said, > are we able to override the excluded file pattern in some way (e.g. > struts properties)? > > private static final String EXCLUDED_FILE_PATTERN = > "^(.*[<>&\"'|;\\\\/?*:]+.*|.*\\.\\..*)$"; > > Thanks, > Burton > > > ------ Original Message ------ > From "Lukasz Lenart" <lukaszlen...@apache.org> > To "Struts Developers List" <dev@struts.apache.org> > Date 2/9/2025 11:50:30 AM > Subject Re: file upload name filtering > > >Could you create a JIRA ticket to address this? > > > >niedz., 9 lut 2025 o 10:51 Greg Huber <gregh3...@gmail.com> napisał(a): > >> > >> ..v6 to escape and warn would be good, and should reduce downstream > >> complaints as they might not notice it😉. > >> > >> arthu€r.jpg > >> > >> long filenames to try and find the offending char > >> > >> > >> af517d82-8583-11eb-a3d0-06b4694bee2a_2Fmedia-manager_2F1738545771934-House_20&_20Home_20-_20HI-RES.png > >> > >> On 09/02/2025 09:27, Lukasz Lenart wrote: > >> > niedz., 9 lut 2025 o 10:20 Greg Huber<gregh3...@gmail.com> napisał(a): > >> >> Still using v6 at the moment, but I think v7 (dev box) is the same? > >> > The same in functionality, but harder to refactor some things. I made > >> > a few changes in the logic used in v7 and it's hard to port them back > >> > into v6. > >> > Anyway, I will take a look to make it happen in v6 and build a better > >> > solution in v7 > >> > > >> > > >> > Cheers > >> > Łukasz > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org > >> > For additional commands, e-mail:dev-h...@struts.apache.org > >> > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > >For additional commands, e-mail: dev-h...@struts.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
