| | |
|---|
| | | public String getFileName(HttpExchange e) throws IllegalArgumentException { |
|---|
| | | String ctxPath = e.getHttpContext().getPath(); |
|---|
| | | String uriPath = e.getRequestURI().getPath(); |
|---|
| | | return fixFileName(uriPath.substring(ctxPath.length())); |
|---|
| | | return inspectFileName(uriPath.substring(ctxPath.length())); |
|---|
| | | } |
|---|
| | | |
|---|
| | | public String fixFileName(String fileName) throws IllegalArgumentException { |
|---|
| | | public String inspectFileName(String fileName) throws IllegalArgumentException { |
|---|
| | | if (fileName == null |
|---|
| | | || fileName.contains("..") |
|---|
| | | || fileName.contains("/") |
|---|
| | | || fileName.contains("\\")) { |
|---|
| | | || fileName.contains("..")) { |
|---|
| | | //|| fileName.contains("/") |
|---|
| | | //|| fileName.contains("\\")) { |
|---|
| | | throw new IllegalArgumentException("Invalid file name"); |
|---|
| | | } |
|---|
| | | return fileName; |
|---|
