Review Request for JDK-8003992: File and other classes in java.io do not handle embedded nulls properly (original) (raw)

Alan Bateman Alan.Bateman at oracle.com
Sun Mar 3 21:01:04 UTC 2013

• Previous message: Review Request for JDK-8003992: File and other classes in java.io do not handle embedded nulls properly
• Next message: Review Request for JDK-8003992: File and other classes in java.io do not handle embedded nulls properly
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/03/2013 20:00, Florian Weimer wrote:

You check that the file ends with ".jpg", so it won't be interpreted by the web server, but the full extension is actually ".php\000.jpg", so you end up writing a ".php" file, which is. The application have have the path String ".php\000.jpg" but when you create the file (with FileOutputStream or other APIs) then it would be ".php.jpg". Another potential approach is to just fail when attempting to create the file but changing File's constructor to throw an exception would be an incompatible change.

-Alan

• Previous message: Review Request for JDK-8003992: File and other classes in java.io do not handle embedded nulls properly
• Next message: Review Request for JDK-8003992: File and other classes in java.io do not handle embedded nulls properly
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the core-libs-dev mailing list