Posted to commits@camel.apache.org by da...@apache.org on 2023/01/02 14:51:38 UTC
[camel] branch main updated: CAMEL-18825: Fix https://github.com/apache/camel/security/code-scanning/49
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 6dcdfb748f8 CAMEL-18825: Fix https://github.com/apache/camel/security/code-scanning/49
6dcdfb748f8 is described below
commit 6dcdfb748f8fc21456af4d9d6d141cedbd20469e
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Mon Jan 2 15:51:29 2023 +0100
CAMEL-18825: Fix https://github.com/apache/camel/security/code-scanning/49
---
.../src/main/java/org/apache/camel/component/mail/MailBinding.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/components/camel-mail/src/main/java/org/apache/camel/component/mail/MailBinding.java b/components/camel-mail/src/main/java/org/apache/camel/component/mail/MailBinding.java
index 6a95c81934a..709daa7b46b 100644
--- a/components/camel-mail/src/main/java/org/apache/camel/component/mail/MailBinding.java
+++ b/components/camel-mail/src/main/java/org/apache/camel/component/mail/MailBinding.java
@@ -369,6 +369,10 @@ public class MailBinding {
} else {
String disposition = part.getDisposition();
String fileName = part.getFileName();
+ // fix file name if using malicious parameter name
+ if (fileName != null) {
+ fileName = fileName.replaceAll("[\n\r\t]", "_");
+ }
if (isAttachment(disposition) && (fileName == null || fileName.isEmpty())) {
if (generateMissingAttachmentNames != null
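Review bot: The character class in the added `replaceAll("[\n\r\t]", "_")` covers only LF, CR and TAB, so other control characters in a sender-supplied attachment name (NUL, vertical tab, form feed, ESC, DEL) still pass through unchanged. If the intent is to neutralise control characters before the name reaches logs, headers or map keys further down (that use is outside this hunk, so this is an assumption), `fileName = fileName.replaceAll("\\p{Cntrl}", "_");` would cover the whole ASCII control range in one step. The comment would also be clearer if it named the input and the reason, e.g. `// file name comes from the untrusted message part: replace control characters (CR/LF/TAB) with '_'`. Path separators and `..` are not touched here, so it is worth confirming they are handled elsewhere if the name is ever used to build a file path. The enclosing method starts and ends outside the hunk.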