Mercurial > hg > release > icedtea6-1.7
changeset 1926:d133c2298825
Netx: make path sanitization consistent; use a blacklisting approach.
2010-06-29 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/cache/CacheUtil.java
(urlToPath): Call FileUtils.sanitizePath.
(fixPath): Moved to...
* netx/net/sourceforge/jnlp/util/FileUtils.java
(sanitizePath): New function. Moved from CacheUtil.java
(sanitizeFileName): Use a blacklisting approach rather than a whitelisting
approach: should work better with non ascii filenames.
author | Omair Majid <omajid@redhat.com> |
---|---|
date | Tue, 29 Jun 2010 14:19:38 -0400 |
parents | a8aeb44946cb |
children | 4bbd10e42fd2 |
files | ChangeLog rt/net/sourceforge/jnlp/cache/CacheUtil.java rt/net/sourceforge/jnlp/util/FileUtils.java |
diffstat | 3 files changed, 49 insertions(+), 29 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Fri Jul 09 10:59:53 2010 -0400 +++ b/ChangeLog Tue Jun 29 14:19:38 2010 -0400 @@ -1,3 +1,13 @@ +2010-06-29 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/cache/CacheUtil.java + (urlToPath): Call FileUtils.sanitizePath. + (fixPath): Moved to... + * netx/net/sourceforge/jnlp/util/FileUtils.java + (sanitizePath): New function. Moved from CacheUtil.java + (sanitizeFileName): Use a blacklisting approach rather than a whitelisting + approach: should work better with non ascii filenames. + 2010-07-09 Deepak Bhole <dbhole@redhat.com> * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc: Updated copyright date.
--- a/rt/net/sourceforge/jnlp/cache/CacheUtil.java Fri Jul 09 10:59:53 2010 -0400 +++ b/rt/net/sourceforge/jnlp/cache/CacheUtil.java Tue Jun 29 14:19:38 2010 -0400 @@ -26,6 +26,7 @@ import net.sourceforge.jnlp.*; import net.sourceforge.jnlp.runtime.*; +import net.sourceforge.jnlp.util.FileUtils; /** * Provides static methods to interact with the cache, download @@ -300,23 +301,9 @@ path.append(File.separatorChar); path.append(location.getPath().replace('/', File.separatorChar)); - return new File(JNLPRuntime.getBaseDir(), fixPath(path.toString())); + return new File(JNLPRuntime.getBaseDir(), FileUtils.sanitizePath(path.toString())); } - /** - * Clean up a string by removing characters that can't appear in - * a local file name. - */ - private static String fixPath(String path) { - char badChars[] = { '\\', '/', ':', '*', '?', '"', '<', '>', '|' }; - - for (int i=0; i < badChars.length; i++) - if (badChars[i] != File.separatorChar) - if (-1 != path.indexOf(badChars[i])) - path = path.replace(badChars[i], 'X'); - - return path; - } /** * Waits until the resources are downloaded, while showing a
--- a/rt/net/sourceforge/jnlp/util/FileUtils.java Fri Jul 09 10:59:53 2010 -0400 +++ b/rt/net/sourceforge/jnlp/util/FileUtils.java Tue Jun 29 14:19:38 2010 -0400 @@ -14,35 +14,58 @@ // License along with this library; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - package net.sourceforge.jnlp.util; +import java.io.File; + /** - * This class contains a few file-related utility functions. + * This class contains a few file-related utility functions. * * @author Omair Majid */ -public class FileUtils { +public final class FileUtils { + + /** + * list of characters not allowed in filenames + */ + private static final char INVALID_CHARS[] = { '\\', '/', ':', '*', '?', '"', '<', '>', '|' }; + + private static final char SANITIZED_CHAR = '_'; - + /** + * Clean up a string by removing characters that can't appear in a local + * file name. + * + * @param path + * the path to sanitize + * @return a sanitized version of the input which is suitable for using as a + * file path + */ + public static String sanitizePath(String path) { + + for (int i = 0; i < INVALID_CHARS.length; i++) + if (INVALID_CHARS[i] != File.separatorChar) + if (-1 != path.indexOf(INVALID_CHARS[i])) + path = path.replace(INVALID_CHARS[i], SANITIZED_CHAR); + + return path; + } + /** * Given an input, return a sanitized form of the input suitable for use as * a file/directory name - * + * * @param input * @return a sanitized version of the input */ - public static String sanitizeFileName(String input) { + public static String sanitizeFileName(String filename) { - /* - * FIXME - * - * Assuming safe characters are 'a-z','A-Z','0-9', '_', '.' - */ + for (int i = 0; i < INVALID_CHARS.length; i++) + if (-1 != filename.indexOf(INVALID_CHARS[i])) + filename = filename.replace(INVALID_CHARS[i], SANITIZED_CHAR); - String sanitizedName = input.replaceAll("[^a-zA-Z0-9.]", "_"); - return sanitizedName; + return filename; } - + }