Skip to content

Commit

Permalink
ASCII encode ContentDisposition file name
Browse files Browse the repository at this point in the history
Signed-off-by: Maxim Nesen <maxim.nesen@oracle.com>
  • Loading branch information
senivam committed Jan 24, 2024
1 parent e4c3bf5 commit 9b06293
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 7 deletions.
3 changes: 2 additions & 1 deletion connectors/jdk-connector/pom.xml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<!--
Copyright (c) 2011, 2023 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2011, 2024 Oracle and/or its affiliates. All rights reserved.
This program and the accompanying materials are made available under the
terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -98,6 +98,7 @@
<reuseForks>false</reuseForks>
<excludes>
<exclude>**/SslFilterTLS13Test.java</exclude>
<exclude>**/SslFilterTLS13UrlStoresTest.java</exclude>
</excludes>
</configuration>
</plugin>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2023 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2024 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -28,8 +28,6 @@
import org.glassfish.jersey.message.internal.HttpHeaderReader;
import org.glassfish.jersey.uri.UriComponent;

import javax.ws.rs.core.HttpHeaders;

/**
* A content disposition header.
*
Expand Down Expand Up @@ -63,7 +61,7 @@ public class ContentDisposition {
protected ContentDisposition(final String type, final String fileName, final Date creationDate,
final Date modificationDate, final Date readDate, final long size) {
this.type = type;
this.fileName = fileName;
this.fileName = encodeAsciiFileName(fileName);
this.creationDate = creationDate;
this.modificationDate = modificationDate;
this.readDate = readDate;
Expand Down Expand Up @@ -211,6 +209,24 @@ protected void addLongParameter(final StringBuilder sb, final String name, final
}
}

protected String encodeAsciiFileName(String fileName) {
if (fileName == null
|| (fileName.indexOf('"') == -1
&& fileName.indexOf('\\') == -1)) {
return fileName;
}
final byte[] bytes = fileName.getBytes();
final StringBuilder encodedBuffer = new StringBuilder();
for (byte x : bytes) {
char c = (char) x;
if (c == '"' || c == '\\') {
encodedBuffer.append('\\');
}
encodedBuffer.append(c);
}
return encodedBuffer.toString();
}

private void createParameters() throws ParseException {
defineFileName();

Expand All @@ -229,7 +245,7 @@ private void defineFileName() throws ParseException {
final String fileNameExt = parameters.get("filename*");

if (fileNameExt == null) {
this.fileName = fileName;
this.fileName = encodeAsciiFileName(fileName);
return;
}

Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2023 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2024 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -88,6 +88,14 @@ public void testCreate() {
}
}

@Test
void testContentDispositionEncoded() {
final Date date = new Date();
final ContentDisposition contentDisposition = ContentDisposition.type(contentDispositionType).fileName("\"rm\\ -rf\".sh")
.creationDate(date).modificationDate(date).readDate(date).size(312).build();
assertEquals("\\\"rm\\\\ -rf\\\".sh", contentDisposition.getFileName());
}

@Test
public void testToString() {
final Date date = new Date();
Expand Down

0 comments on commit 9b06293

Please sign in to comment.