You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/07/17 01:34:03 UTC

svn commit: r677467 - in /incubator/jspwiki/trunk: ChangeLog src/com/ecyrd/jspwiki/Release.java src/com/ecyrd/jspwiki/attachment/AttachmentManager.java

Author: ajaquith
Date: Wed Jul 16 16:34:03 2008
New Revision: 677467

URL: http://svn.apache.org/viewvc?rev=677467&view=rev
Log:
JSPWIKI-315: added extra checks to AttachmentServlet.

Modified:
    incubator/jspwiki/trunk/ChangeLog
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java

Modified: incubator/jspwiki/trunk/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/ChangeLog?rev=677467&r1=677466&r2=677467&view=diff
==============================================================================
--- incubator/jspwiki/trunk/ChangeLog (original)
+++ incubator/jspwiki/trunk/ChangeLog Wed Jul 16 16:34:03 2008
@@ -1,3 +1,9 @@
+2008-07-03  Andrew Jaquith <ajaquith AT apache DOT org>
+
+        * 2.7.0-alpha-5
+        
+        * JSPWIKI-315: added extra checks to AttachmentServlet.
+        
 2008-07-10  Janne Jalkanen <ja...@apache.org>
 
         * 2.7.0-alpha-4

Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java?rev=677467&r1=677466&r2=677467&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/Release.java Wed Jul 16 16:34:03 2008
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "4";
+    public static final String     BUILD         = "5";
     
     /**
      *  This is the generic version string you should use

Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java?rev=677467&r1=677466&r2=677467&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java Wed Jul 16 16:34:03 2008
@@ -612,6 +612,14 @@
         //  Should help with IE 5.22 on OSX
         //
         filename = filename.trim();
+
+        // If file name ends with .jsp, the user is being naughty!
+        if ( filename.endsWith( ".jsp" ) || filename.endsWith( ".JSP" ) )
+        {
+            AttachmentServlet.log.error( "Illegal file name." );
+            
+            throw new WikiException( "Illegal file name." );
+        }
     
         //
         //  Some browser send the full path info with the filename, so we need