svn commit: r661986 - /incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java

Sat, 31 May 2008 02:13:44 -0700 

Author: jalkanen
Date: Sat May 31 02:13:20 2008
New Revision: 661986

URL: http://svn.apache.org/viewvc?rev=661986&view=rev
Log:
Moved filename validation to AttachmentManager

Modified:
    
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java

Modified: 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java?rev=661986&r1=661985&r2=661986&view=diff
==============================================================================
--- 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java 
(original)
+++ 
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java 
Sat May 31 02:13:20 2008
@@ -42,7 +42,6 @@
 import org.apache.commons.fileupload.ProgressListener;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 
 import com.ecyrd.jspwiki.*;
@@ -694,7 +693,6 @@
         return nextPage;
     }
 
-
     /**
      *
      * @param context the wiki context
@@ -719,26 +717,15 @@
     {
         boolean created = false;
 
-        if( filename == null || filename.trim().length() == 0 )
+        try
         {
-            log.error("Empty file name given.");
-
-            throw new RedirectException("Empty file name given.",
-                                        errorPage);
+            filename = AttachmentManager.validateFileName( filename );
+        }
+        catch( WikiException e )
+        {
+            log.error( "Illegal filename given: "+e.getMessage() );
+            throw new RedirectException( e.getMessage(), errorPage );
         }
-
-        //
-        //  Should help with IE 5.22 on OSX
-        //
-        filename = filename.trim();
-
-        //
-        //  Some browser send the full path info with the filename, so we need
-        //  to remove it here by simply splitting along slashes and then 
taking the path.
-        //
-        
-        String[] splitpath = filename.split( "/\\\\" );
-        filename = splitpath[splitpath.length-1];
         
         //
         //  FIXME: This has the unfortunate side effect that it will receive 
the
@@ -766,13 +753,6 @@
 
         AttachmentManager mgr = m_engine.getAttachmentManager();
 
-        //
-        //  Remove any characters that might be a problem. Most
-        //  importantly - characters that might stop processing
-        //  of the URL.
-        //
-        filename = StringUtils.replaceChars( filename, "#?\"'", "____" );
-
         log.debug("file="+filename);
 
         if( data == null )

Reply via email to