NIHVIVO-918 Merge 5377 from branch
This commit is contained in:
jeb228
parent
38130db941
commit
50cc897669
8 changed files with 38 additions and 12 deletions
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
package edu.cornell.mannlib.vitro.webapp.filestorage;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
|
|
@ -42,7 +45,8 @@ public class FileServingHelper {
|
|||
/**
|
||||
* <p>
|
||||
* Combine the URI and the filename to produce a relative URL for the file
|
||||
* (relative to the context of the webapp).
|
||||
* (relative to the context of the webapp). The filename will be URLEncoded
|
||||
* as needed.
|
||||
* </p>
|
||||
* <p>
|
||||
* This should involve stripping the default namespace from the front of the
|
||||
|
|
@ -66,6 +70,13 @@ public class FileServingHelper {
|
|||
return uri;
|
||||
}
|
||||
String remainder = uri.substring(DEFAULT_NAMESPACE.length());
|
||||
|
||||
try {
|
||||
filename = URLEncoder.encode(filename, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
log.error("No UTF-8 encoding?", e); // Can't happen.
|
||||
}
|
||||
|
||||
String separator = remainder.endsWith("/") ? "" : "/";
|
||||
return FILE_PATH + remainder + separator + filename;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ import static javax.servlet.http.HttpServletResponse.SC_OK;
|
|||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletOutputStream;
|
||||
|
|
@ -95,7 +97,8 @@ public class FileServingServlet extends VitroHttpServlet {
|
|||
response.sendError(SC_NOT_FOUND, ("File not found: " + path));
|
||||
return;
|
||||
}
|
||||
if (!actualFilename.equals(requestedFilename)) {
|
||||
if (!actualFilename.equals(requestedFilename)
|
||||
&& !actualFilename.equals(decode(requestedFilename))) {
|
||||
log.warn("The requested filename does not match the "
|
||||
+ "actual filename; request: '" + path + "', actual: '"
|
||||
+ actualFilename + "'");
|
||||
|
|
@ -163,6 +166,18 @@ public class FileServingServlet extends VitroHttpServlet {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The filename may have been encoded for URL transfer.
|
||||
*/
|
||||
private String decode(String filename) {
|
||||
try {
|
||||
return URLDecoder.decode(filename, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
log.error("How did this happen?", e);
|
||||
return filename;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A POST request is treated the same as a GET request.
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue