Author: ajaquith
Date: Wed Jul 16 20:23:16 2008
New Revision: 677493

URL: http://svn.apache.org/viewvc?rev=677493&view=rev
Log:
JSPWIKI-315: added extra checks to AttachmentServlet.

Modified:
    incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/ChangeLog
    
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/Release.java
    
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
    
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java

Modified: incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/ChangeLog
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/ChangeLog?rev=677493&r1=677492&r2=677493&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/ChangeLog (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/ChangeLog Wed Jul 16 20:23:16 
2008
@@ -1,3 +1,9 @@
+2008-07-16  Andrew Jaquith <ajaquith AT apache DOT org>
+
+        * 2.5.3-build-3
+        
+        * JSPWIKI-315: added extra checks to AttachmentServlet.
+        
 2008-05-27  Janne Jalkanen <[EMAIL PROTECTED]>
 
         * 2.6.3-rc-2

Modified: 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/Release.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/Release.java?rev=677493&r1=677492&r2=677493&view=diff
==============================================================================
--- 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/Release.java
 (original)
+++ 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/Release.java
 Wed Jul 16 20:23:16 2008
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "";
+    public static final String     BUILD         = "3";
     
     /**
      *  This is the generic version string you should use

Modified: 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java?rev=677493&r1=677492&r2=677493&view=diff
==============================================================================
--- 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
 (original)
+++ 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
 Wed Jul 16 20:23:16 2008
@@ -25,6 +25,7 @@
 import java.io.InputStream;
 import java.util.*;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 
 import com.ecyrd.jspwiki.*;
@@ -587,4 +588,53 @@
         m_engine.getReferenceManager().clearPageEntries( att.getName() );
 
     }
+
+    /**
+     *  Validates the filename and makes sure it is legal.  It trims and splits
+     *  and replaces bad characters.
+     *  
+     *  @param filename
+     *  @return A validated name with annoying characters replaced.
+     *  @throws WikiException If the filename is not legal (e.g. empty)
+     */
+    static String validateFileName( String filename )
+        throws WikiException
+    {
+        if( filename == null || filename.trim().length() == 0 )
+        {
+            AttachmentServlet.log.error("Empty file name given.");
+    
+            throw new WikiException("Empty file name given.");
+        }
+    
+        //
+        //  Should help with IE 5.22 on OSX
+        //
+        filename = filename.trim();
+
+        // If file name ends with .jsp, the user is being naughty!
+        if ( filename.endsWith( ".jsp" ) || filename.endsWith( ".JSP" ) )
+        {
+            AttachmentServlet.log.error( "Illegal file name." );
+            
+            throw new WikiException( "Illegal file name." );
+        }
+    
+        //
+        //  Some browser send the full path info with the filename, so we need
+        //  to remove it here by simply splitting along slashes and then 
taking the path.
+        //
+        
+        String[] splitpath = filename.split( "[/\\\\]" );
+        filename = splitpath[splitpath.length-1];
+        
+        //
+        //  Remove any characters that might be a problem. Most
+        //  importantly - characters that might stop processing
+        //  of the URL.
+        //
+        filename = StringUtils.replaceChars( filename, "#?\"'", "____" );
+    
+        return filename;
+    }
 }
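Review bot: `filename = splitpath[splitpath.length-1];` throws ArrayIndexOutOfBoundsException instead of WikiException when the trimmed name consists only of separators (for example `"/"` or `"\\"`), because `String.split` discards trailing empty strings and returns a zero-length array; add `if( splitpath.length == 0 ) throw new WikiException( "Illegal file name." );` before the index so the servlet's catch block can redirect rather than letting a runtime exception escape. The `.jsp` check a few lines above covers only two spellings, so a mixed-case name such as `.Jsp` passes; make it `filename.toLowerCase( Locale.ENGLISH ).endsWith( ".jsp" )` (`java.util.Locale` is already covered by the `java.util.*` import) and consider checking every extension the container maps to the JSP servlet rather than a single one. The Javadoc's `@param filename` has no description; `@param filename the name as supplied by the client, possibly including a path` would complete it. Logging through `AttachmentServlet.log` couples the manager to the servlet's logger; if this class has a logger of its own, using it here would be the usual pattern.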

Modified: 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java?rev=677493&r1=677492&r2=677493&view=diff
==============================================================================
--- 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java
 (original)
+++ 
incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentServlet.java
 Wed Jul 16 20:23:16 2008
@@ -673,6 +673,15 @@
     {
         boolean created = false;
 
+        try
+        {
+            filename = AttachmentManager.validateFileName( filename );
+        }
+        catch( WikiException e )
+        {
+            log.error( "Illegal filename given: "+e.getMessage() );
+            throw new RedirectException( e.getMessage(), errorPage );
+        }
         //
         //  FIXME: This has the unfortunate side effect that it will receive 
the
         //  contents.  But we can't figure out the page to redirect to
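Review bot: The catch block's `log.error( "Illegal filename given: "+e.getMessage() );` records the rejection a second time, since `validateFileName` already logs both failure cases at error level, so one bad upload produces two error entries for a single event. The trigger is client-supplied input rather than a server fault, so a single `log.warn` in one place would be more accurate for monitoring than duplicated error lines. `new RedirectException( e.getMessage(), errorPage )` drops `e` as the cause; if the constructor accepts one, pass it through so the originating stack is preserved. The enclosing method begins and ends outside this hunk.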

