svn commit: r661113 - in /incubator/jspwiki/trunk: ChangeLog src/com/ecyrd/jspwiki/Release.java src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java

Wed, 28 May 2008 15:04:15 -0700 

Author: jalkanen
Date: Wed May 28 15:03:50 2008
New Revision: 661113

URL: http://svn.apache.org/viewvc?rev=661113&view=rev
Log:
Clean away the path part of attached file names.

Modified:
    incubator/jspwiki/trunk/ChangeLog
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
    
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java

Modified: incubator/jspwiki/trunk/ChangeLog
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/ChangeLog?rev=661113&r1=661112&r2=661113&view=diff
==============================================================================
--- incubator/jspwiki/trunk/ChangeLog (original)
+++ incubator/jspwiki/trunk/ChangeLog Wed May 28 15:03:50 2008
@@ -1,3 +1,10 @@
+2008-05-29  Janne Jalkanen <[EMAIL PROTECTED]>
+
+        * 2.7.0-svn-30
+        
+        * AttachmentServlet now cleans the uploaded file name, since some
+        browsers send the full path as well.
+        
 2008-05-22  Andrew Jaquith <ajaquith AT apache DOT org>
 
         * 2.7.0-svn-29

Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java?rev=661113&r1=661112&r2=661113&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java Wed May 28 
15:03:50 2008
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "29";
+    public static final String     BUILD         = "30";
     
     /**
      *  This is the generic version string you should use

Modified: 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java?rev=661113&r1=661112&r2=661113&view=diff
==============================================================================
--- 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java 
(original)
+++ 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java 
Wed May 28 15:03:50 2008
@@ -719,6 +719,27 @@
     {
         boolean created = false;
 
+        if( filename == null || filename.trim().length() == 0 )
+        {
+            log.error("Empty file name given.");
+
+            throw new RedirectException("Empty file name given.",
+                                        errorPage);
+        }
+
+        //
+        //  Should help with IE 5.22 on OSX
+        //
+        filename = filename.trim();
+
+        //
+        //  Some browser send the full path info with the filename, so we need
+        //  to remove it here by simply splitting along slashes and then 
taking the path.
+        //
+        
+        String[] splitpath = filename.split( "/\\\\" );
+        filename = splitpath[splitpath.length-1];
+        
         //
         //  FIXME: This has the unfortunate side effect that it will receive 
the
         //  contents.  But we can't figure out the page to redirect to
@@ -745,19 +766,6 @@
 
         AttachmentManager mgr = m_engine.getAttachmentManager();
 
-        if( filename == null || filename.trim().length() == 0 )
-        {
-            log.error("Empty file name given.");
-
-            throw new RedirectException("Empty file name given.",
-                                        errorPage);
-        }
-
-        //
-        //  Should help with IE 5.22 on OSX
-        //
-        filename = filename.trim();
-
         //
         //  Remove any characters that might be a problem. Most
         //  importantly - characters that might stop processing

Reply via email to