You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/04 18:24:37 UTC
svn commit: r1733617 - in /tomcat/trunk:
java/org/apache/catalina/core/ApplicationPart.java webapps/docs/changelog.xml
Author: markt
Date: Fri Mar 4 17:24:36 2016
New Revision: 1733617
URL: http://svn.apache.org/viewvc?rev=1733617&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59115
When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user.
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java?rev=1733617&r1=1733616&r2=1733617&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java Fri Mar 4 17:24:36 2016
@@ -144,7 +144,11 @@ public class ApplicationPart implements
if (params.containsKey("filename")) {
fileName = params.get("filename");
if (fileName != null) {
- fileName = fileName.trim();
+ // This is a token or a quoted-string. If it is a token,
+ // there won't be any '\' characters. If it is a
+ // quoted-string it can be dequoted by removing the '\'
+ // characters.
+ fileName = fileName.trim().replaceAll("\\", "");
} else {
// Even if there is no value, the parameter is present,
// so we return an empty file name rather than no file
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733617&r1=1733616&r2=1733617&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Mar 4 17:24:36 2016
@@ -150,6 +150,12 @@
the appBase before trying to expand an external WAR file into it.
(markt)
</fix>
+ <fix>
+ <bug>59115</bug>: When using the Servlet 3.0 file upload, the submitted
+ file name may be provided as a token or a quoted-string. If a
+ quoted-string, unquote the string before returning it to the user.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1733617 - in /tomcat/trunk:
java/org/apache/catalina/core/ApplicationPart.java webapps/docs/changelog.xml
Posted by Mark Thomas <ma...@apache.org>.
On 04/03/2016 17:55, Konstantin Kolinko wrote:
> 2016-03-04 20:24 GMT+03:00 <ma...@apache.org>:
>> Author: markt
>> Date: Fri Mar 4 17:24:36 2016
>> New Revision: 1733617
>>
>> URL: http://svn.apache.org/viewvc?rev=1733617&view=rev
>> Log:
>> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59115
>> When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user.
>>
>> Modified:
>> tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
>> tomcat/trunk/webapps/docs/changelog.xml
>>
>> Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
>> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java?rev=1733617&r1=1733616&r2=1733617&view=diff
>> ==============================================================================
>> --- tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java (original)
>> +++ tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java Fri Mar 4 17:24:36 2016
>> @@ -144,7 +144,11 @@ public class ApplicationPart implements
>> if (params.containsKey("filename")) {
>> fileName = params.get("filename");
>> if (fileName != null) {
>> - fileName = fileName.trim();
>> + // This is a token or a quoted-string. If it is a token,
>> + // there won't be any '\' characters. If it is a
>> + // quoted-string it can be dequoted by removing the '\'
>> + // characters.
>> + fileName = fileName.trim().replaceAll("\\", "");
>
> I wonder whether single '\' is a valid regexp. Shouldn't it be double
> \\ ("\\\\" in Java) ?
You are right. I'll get that fixed now.
mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1733617 - in /tomcat/trunk: java/org/apache/catalina/core/ApplicationPart.java
webapps/docs/changelog.xml
Posted by Konstantin Kolinko <kn...@gmail.com>.
2016-03-04 20:24 GMT+03:00 <ma...@apache.org>:
> Author: markt
> Date: Fri Mar 4 17:24:36 2016
> New Revision: 1733617
>
> URL: http://svn.apache.org/viewvc?rev=1733617&view=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59115
> When using the Servlet 3.0 file upload, the submitted file name may be provided as a token or a quoted-string. If a quoted-string, unquote the string before returning it to the user.
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java?rev=1733617&r1=1733616&r2=1733617&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java (original)
> +++ tomcat/trunk/java/org/apache/catalina/core/ApplicationPart.java Fri Mar 4 17:24:36 2016
> @@ -144,7 +144,11 @@ public class ApplicationPart implements
> if (params.containsKey("filename")) {
> fileName = params.get("filename");
> if (fileName != null) {
> - fileName = fileName.trim();
> + // This is a token or a quoted-string. If it is a token,
> + // there won't be any '\' characters. If it is a
> + // quoted-string it can be dequoted by removing the '\'
> + // characters.
> + fileName = fileName.trim().replaceAll("\\", "");
I wonder whether single '\' is a valid regexp. Shouldn't it be double
\\ ("\\\\" in Java) ?
> } else {
> // Even if there is no value, the parameter is present,
> // so we return an empty file name rather than no file
>
> Modified: tomcat/trunk/webapps/docs/changelog.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733617&r1=1733616&r2=1733617&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/changelog.xml (original)
> +++ tomcat/trunk/webapps/docs/changelog.xml Fri Mar 4 17:24:36 2016
> @@ -150,6 +150,12 @@
> the appBase before trying to expand an external WAR file into it.
> (markt)
> </fix>
> + <fix>
> + <bug>59115</bug>: When using the Servlet 3.0 file upload, the submitted
> + file name may be provided as a token or a quoted-string. If a
> + quoted-string, unquote the string before returning it to the user.
> + (markt)
> + </fix>
> </changelog>
> </subsection>
> <subsection name="Coyote">
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org