Posted to commits@jspwiki.apache.org by ja...@apache.org on 2008/08/16 12:36:36 UTC
svn commit: r686471 -
/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
Author: jalkanen
Date: Sat Aug 16 03:36:35 2008
New Revision: 686471
URL: http://svn.apache.org/viewvc?rev=686471&view=rev
Log:
JSPWIKI-315: Now tests for cases properly.
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
Modified: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java?rev=686471&r1=686470&r2=686471&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java (original)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java Sat Aug 16 03:36:35 2008
@@ -613,12 +613,13 @@
//
filename = filename.trim();
- // If file name ends with .jsp, the user is being naughty!
- if ( filename.endsWith( ".jsp" ) || filename.endsWith( ".JSP" ) )
+ // If file name ends with .jsp or .jspf, the user is being naughty!
+ if( filename.toLowerCase().endsWith( ".jsp" ) || filename.toLowerCase().endsWith(".jspf") )
{
- AttachmentServlet.log.error( "Illegal file name." );
+ log.info( "Attempt to upload a file with a .jsp/.jspf extension. In certain cases this" +
+ " can trigger unwanted security side effects, so we're preventing it." );
- throw new WikiException( "Illegal file name." );
+ throw new WikiException( "Unwanted file name." );
}
//
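Review bot: The new test on the `if` line is still a two-entry suffix denylist, applied to the name as it stands right after `trim()`, so other extensions the servlet container may compile (for example `.jspx`) are not covered, and neither is a name that later normalisation changes. If the cleanup that appears to start at the trailing `//` comment alters the name further, the test belongs after that step, on the name that is finally stored. An allow-list of accepted extensions would be sturdier than adding suffixes one at a time. The rejection is also now logged at `info` without the offending name, which makes blocked attempts hard to spot in operations; consider `log.warn( "Rejected attachment upload with a .jsp/.jspf extension" );` and append the name with CR/LF stripped. The enclosing method starts and ends outside the hunk, so the order of the later steps is inferred rather than visible.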