Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes special char in an uploaded file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "special char in an uploaded file" Watch "special char in an uploaded file" New topic
Author

special char in an uploaded file

ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 374
I have a servlet to let user upload file from their local machine. Before it is uploaded to my app server, I need to make sure there is no malicious characters in it. Can servlet get a ByteStream or InputStream from that local file ? shall I check malicious char from that stream ? After checking I can save that stream to server , does this make sense ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
  45
What is a "malicious character"? Are the files in question text files? I'm asking because in a binary file, all bytes are possible.

The common file upload libraries (like Apache Commons FileUpload) give you access to the byte[] so that you can examine it to your heart's content.


Ping & DNS - my free Android networking tools app
ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 374
actually now I am concerned about how to read the file. If the servlet let user specifies their local file by providing a "browse" button to get the file from their PC, can my servlet get a "bufferedReader" from that ? I like to have a "bufferedReader" so I can use "readLine()" to get a string for each line. I don't want to use byte[]. I know that if we have a file saved on local disk, it is easy to get a "bufferedreader" by getting a InputStreamReadeer object first (InputStreamReader cna be created from the file itself). But in the file upload case, I don't know how to get a bufferedreader object from it ?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
  45
Well, most fundamentally a file consists of bytes. The upload library can't provide you with a Reader, because it doesn't know which encoding the file is in. But the FileUpload library provides you with an InputStream (check the FileItem class), around which you can wrap any Reader you want.
 
Don't get me started about those stupid light bulbs.
 
subject: special char in an uploaded file
 
Similar Threads
Potential File Upload/Malicious File Execution
getting the details of the file from the servlet
transferring file from one servelt as a stream to another servlet
Include HTML as static resource
How to check the integrity of uploaded file