[ http://issues.apache.org/jira/browse/FILEUPLOAD-122?page=comments#action_12458179 ] Henri Yandell commented on FILEUPLOAD-122: ------------------------------------------
Gotta watch the licensing on COS' multiparser too. > Filename may contain a full path > -------------------------------- > > Key: FILEUPLOAD-122 > URL: http://issues.apache.org/jira/browse/FILEUPLOAD-122 > Project: Commons FileUpload > Issue Type: Bug > Affects Versions: 1.1.1 > Reporter: Sebastian Beigel > Priority: Blocker > > The filename extracted from the content disposition may contain a full path > (i.e. as submitted by the Internet Explorer for example). > It's is important to check for this and strip the path information > accordingly as the upload fails if you use FileItem#getName() to build your > destination path. > I patched the abstract class FileUploadBase#getFileName(...) with a few lines > of code inspired by COS' MultiPartParser :) > Starting on line 447 (after fileName = fileName.trim(); ) > // The filename may contain a full path. Cut to just > the filename. > int slash = Math.max(fileName.lastIndexOf('/'), > fileName.lastIndexOf('\\')); // check for Unix AND Win separator > if (slash > -1) { > fileName = fileName.substring(slash + 1); // past > last slash > } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
