javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanitized user-provided file names in HTTP multipart uploads

Browse Source
This commit is contained in:
pixeebot[bot]
2024-02-01 23:48:27 +00:00
parent c8481fdbef
commit c8dfe10a7c
38 changed files with 83 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/stirling/software/SPDF/utils/PdfUtils.java
View File

@@ -1,5 +1,6 @@
package stirling.software.SPDF.utils;
import io.github.pixee.security.Filenames;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.awt.image.RenderedImage;
@@ -299,7 +300,7 @@ public class PdfUtils {
try (PDDocument doc = new PDDocument()) {
for (MultipartFile file : files) {
String contentType = file.getContentType();
String originalFilename = file.getOriginalFilename();
String originalFilename = Filenames.toSimpleFileName(file.getOriginalFilename());
if (originalFilename != null
&& (originalFilename.toLowerCase().endsWith(".tiff")
|| originalFilename.toLowerCase().endsWith(".tif"))) {