Author: jalkanen
Date: Sat May 31 02:12:51 2008
New Revision: 661985

URL: http://svn.apache.org/viewvc?rev=661985&view=rev
Log:
Added validateFileName(), moved from AttachmentServlet.

Modified:
    
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java

Modified: 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java?rev=661985&r1=661984&r2=661985&view=diff
==============================================================================
--- 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java 
(original)
+++ 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java 
Sat May 31 02:12:51 2008
@@ -26,6 +26,7 @@
 import java.io.InputStream;
 import java.util.*;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 
 import com.ecyrd.jspwiki.*;
@@ -588,4 +589,44 @@
         m_engine.getReferenceManager().clearPageEntries( att.getName() );
 
     }
+
+    /**
+     *  Validates the filename and makes sure it is legal.
+     *  
+     *  @param filename
+     *  @return
+     *  @throws WikiException If the filename is not legal.
+     */
+    static String validateFileName( String filename )
+        throws WikiException
+    {
+        if( filename == null || filename.trim().length() == 0 )
+        {
+            AttachmentServlet.log.error("Empty file name given.");
+    
+            throw new WikiException("Empty file name given.");
+        }
+    
+        //
+        //  Should help with IE 5.22 on OSX
+        //
+        filename = filename.trim();
+    
+        //
+        //  Some browser send the full path info with the filename, so we need
+        //  to remove it here by simply splitting along slashes and then 
taking the path.
+        //
+        
+        String[] splitpath = filename.split( "[/\\\\]" );
+        filename = splitpath[splitpath.length-1];
+        
+        //
+        //  Remove any characters that might be a problem. Most
+        //  importantly - characters that might stop processing
+        //  of the URL.
+        //
+        filename = StringUtils.replaceChars( filename, "#?\"'", "____" );
+    
+        return filename;
+    }
 }
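Review bot: `splitpath[splitpath.length-1]` can throw ArrayIndexOutOfBoundsException, because String.split() drops trailing empty strings and so returns a zero-length array when the trimmed name consists only of separators (for example `/`). The emptiness check runs before the path is stripped and is not repeated afterwards, and `.` and `..` pass through unchanged; whether those ever reach a filesystem path depends on the attachment provider, which is not visible here. Taking the substring after the last separator and re-validating the result, as sketched below, covers both cases; note that a name ending in a separator is then rejected instead of resolving to the preceding segment. The Javadoc's `@param filename` and `@return` tags are also empty and could state that the returned value is the cleaned base name.

```java
        // … unchanged: null/empty check and first trim() …

        //
        //  Keep only what follows the last separator. Unlike split(), this
        //  cannot produce an empty array for input such as "/" or "\".
        //
        int lastSep = Math.max( filename.lastIndexOf( '/' ), filename.lastIndexOf( '\\' ) );
        filename = filename.substring( lastSep + 1 ).trim();

        if( filename.length() == 0 || filename.equals( "." ) || filename.equals( ".." ) )
        {
            throw new WikiException( "Illegal file name given." );
        }

        // … unchanged: StringUtils.replaceChars() call and return …
```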

