Escape special chars in filename which includes user input

Tim Donohue
2020-07-27 15:08:05 -05:00
parent c323b989d2
commit 79e4e3b497


@@ -245,6 +245,8 @@ public class DepositManager {
String filenameBase =
"sword-" + deposit.getUsername() + "-" + (new Date()).getTime();
// No dots or slashes allowed in filename
filenameBase = filenameBase.replaceAll("\\.", "").replaceAll("/", ""). replaceAll("\\\\", "");
File packageFile = new File(path, filenameBase);
File headersFile = new File(path, filenameBase + "-headers");
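Review bot: The added `replaceAll` chain is a denylist of three characters, so every other character in `deposit.getUsername()` still reaches `new File(path, filenameBase)` unchanged, including NUL, control characters and `:` (which is special in Windows file names). An allowlist is easier to reason about and replaces the three regex passes with one: `filenameBase = filenameBase.replaceAll("[^A-Za-z0-9_-]", "");`. The comment would also help more if it gave the reason, e.g. `// Username is client-supplied: keep only safe characters so the file cannot be created outside path`. The enclosing method starts and ends outside this hunk, so whether `path` or the username is validated elsewhere is not visible here.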