Sanitized user-provided file names in HTTP multipart uploads

2024-02-08 02:46:39 +00:00
parent 4af58118c9
commit 4e937a6024
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java
@@ -68,7 +68,7 @@ public class ShowJavascript {

            if (script.isEmpty()) {
                script =
-                        "PDF '" + inputFile.getOriginalFilename() + "' does not contain Javascript";
+                        "PDF '" + Filenames.toSimpleFileName(inputFile.getOriginalFilename()) + "' does not contain Javascript";
            }

            return WebResponseUtils.bytesToWebResponse(