
boolean org::jlhafrontend::JLHAFrontEnd::checkDirTraversal ( String  filename  )  [inline]

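Check whether a file name would traverse out of the starting directory through ".." components. Names that contain no ".." are reported as safe without further inspection.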

Parameters:
filename The file name to be checked
Returns:
true: not safe, false: safe

Definition at line 743 of file JLHAFrontEnd.java.

Referenced by extract().

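                                                       {
        // Decides whether 'filename' climbs above its starting directory
        // through ".." components. Returns true when the name is NOT safe
        // and false when it is considered safe.

        // An empty name has no components to inspect and is reported safe.
        if (filename.length() <= 0) {
            return false;
        }

        // Fast path: without ".." anywhere in the name there is nothing to
        // walk. NOTE(review): this also reports absolute paths that contain
        // no ".." as safe; rejecting or re-rooting those is presumably left
        // to the caller -- confirm in extract().
        if (filename.indexOf("..") == -1) {
            return false;
        }

        // Normalise the platform separator to '/' and split on that literal.
        // The previous form built the regex "[" + File.separator + "]"; when
        // the separator is a backslash that yields "[\]", an unclosed
        // character class, so split() threw PatternSyntaxException instead of
        // returning a verdict. Normalising first also makes '/' count as a
        // separator on such platforms, where the file system accepts both.
        // Where File.separatorChar is already '/', the replace() is a no-op
        // and the result is identical to the old split.
        String[] parts = filename.replace(File.separatorChar, '/').split("/");

        // depth is the number of directories below the starting point after
        // each component has been applied.
        int depth = 0;
        for (int i = 0; i < parts.length; i++) {
            String part = parts[i];

            // An empty component comes from a leading separator (absolute
            // path) or from doubled separators; both are treated as unsafe.
            if (part == null || part.length() == 0) {
                return true;
            }

            if (part.equals("..")) {
                depth--;
            } else if (!part.equals(".")) {
                // "." stays at the same level; any other name descends one.
                depth++;
            }

            // Going negative means the path has stepped above its start.
            if (depth < 0) {
                return true;
            }
        }

        return false;

    }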

