Posted to commits@jspwiki.apache.org by ja...@apache.org on 2008/08/16 11:34:14 UTC

svn commit: r686470 - /incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java

Author: jalkanen
Date: Sat Aug 16 02:34:13 2008
New Revision: 686470

URL: http://svn.apache.org/viewvc?rev=686470&view=rev
Log:
Better fix for JSPWIKI-319 by actually checking for case properly.

Modified:
    incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java

Modified: incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java?rev=686470&r1=686469&r2=686470&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_6_BRANCH/src/com/ecyrd/jspwiki/attachment/AttachmentManager.java Sat Aug 16 02:34:13 2008
@@ -612,12 +612,13 @@
         //
         filename = filename.trim();
 
-        // If file name ends with .jsp, the user is being naughty!
-        if ( filename.endsWith( ".jsp" ) || filename.endsWith( ".JSP" ) )
+        // If file name ends with .jsp or .jspf, the user is being naughty!
+        if( filename.toLowerCase().endsWith( ".jsp" ) || filename.toLowerCase().endsWith(".jspf") )
         {
-            AttachmentServlet.log.error( "Illegal file name." );
+            log.info( "Attempt to upload a file with a .jsp/.jspf extension.  In certain cases this" +
+            		" can trigger unwanted security side effects, so we're preventing it." );
             
-            throw new WikiException( "Illegal file name." );
+            throw new WikiException( "Unwanted file name." );
         }
     
         //
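Review bot: The suffix deny-list in the new condition at L29 still admits uploads that a servlet container may hand to the JSP engine under a different extension, most obviously `.jspx` (the XML-syntax JSP mapping that Tomcat's default configuration, for one, routes to the JSP servlet), so the case-insensitivity fix closes only part of the gap. Lowering the name once and covering that suffix would be `String lowered = filename.toLowerCase( java.util.Locale.ROOT );` followed by `if( lowered.endsWith( ".jsp" ) || lowered.endsWith( ".jspf" ) || lowered.endsWith( ".jspx" ) )`; passing `Locale.ROOT` also keeps the comparison independent of the JVM's default locale. Any suffix deny-list remains fragile because it depends on knowing every mapping the deployed container applies, so the durable fix is to keep attachments out of any path the JSP servlet can compile from, or to serve them only through a handler that never reaches the JSP engine — I cannot tell from this hunk where attachments are written. Dropping the log call from `error` to `info` at L32 also makes a blocked upload attempt easier to miss in monitoring; `log.warn` would fit a rejected request better. The enclosing method begins before this hunk and continues past it.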