Sanitized user-provided file names in HTTP multipart uploads

pixeebot[bot]
2024-02-01 23:48:27 +00:00
parent c8481fdbef
commit c8dfe10a7c
38 changed files with 83 additions and 45 deletions


@@ -1,5 +1,6 @@
package stirling.software.SPDF.utils;
import io.github.pixee.security.Filenames;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -32,7 +33,7 @@ public class PDFToFile {
}
// Get the original PDF file name without the extension
String originalPdfFileName = inputFile.getOriginalFilename();
String originalPdfFileName = Filenames.toSimpleFileName(inputFile.getOriginalFilename());
String pdfBaseName = originalPdfFileName.substring(0, originalPdfFileName.lastIndexOf('.'));
// Validate output format
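Review bot: The sanitized name still reaches `originalPdfFileName.substring(0, originalPdfFileName.lastIndexOf('.'))` unchecked, so an upload whose client-supplied name has no dot makes `lastIndexOf` return -1 and `substring` throw `StringIndexOutOfBoundsException`. Stripping path components does not guarantee an extension remains, so guard the split, e.g. `int dot = originalPdfFileName.lastIndexOf('.');` followed by `String pdfBaseName = dot > 0 ? originalPdfFileName.substring(0, dot) : originalPdfFileName;`. If `inputFile` is a Spring `MultipartFile`, as the commit title suggests, `getOriginalFilename()` may also return null; a null or empty result should probably be rejected before this point, since the hunk does not show how `Filenames.toSimpleFileName` handles it. The enclosing method starts and ends outside the hunk, so how `pdfBaseName` is later used in output paths is not visible here.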