File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes special char in an uploaded file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "special char in an uploaded file" Watch "special char in an uploaded file" New topic
Author

special char in an uploaded file

ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 370
I have a servlet to let user upload file from their local machine. Before it is uploaded to my app server, I need to make sure there is no malicious characters in it. Can servlet get a ByteStream or InputStream from that local file ? shall I check malicious char from that stream ? After checking I can save that stream to server , does this make sense ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
What is a "malicious character"? Are the files in question text files? I'm asking because in a binary file, all bytes are possible.

The common file upload libraries (like Apache Commons FileUpload) give you access to the byte[] so that you can examine it to your heart's content.


Ping & DNS - updated with new look and Ping home screen widget
ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 370
actually now I am concerned about how to read the file. If the servlet let user specifies their local file by providing a "browse" button to get the file from their PC, can my servlet get a "bufferedReader" from that ? I like to have a "bufferedReader" so I can use "readLine()" to get a string for each line. I don't want to use byte[]. I know that if we have a file saved on local disk, it is easy to get a "bufferedreader" by getting a InputStreamReadeer object first (InputStreamReader cna be created from the file itself). But in the file upload case, I don't know how to get a bufferedreader object from it ?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
Well, most fundamentally a file consists of bytes. The upload library can't provide you with a Reader, because it doesn't know which encoding the file is in. But the FileUpload library provides you with an InputStream (check the FileItem class), around which you can wrap any Reader you want.
 
 
subject: special char in an uploaded file
 
Similar Threads
transferring file from one servelt as a stream to another servlet
Potential File Upload/Malicious File Execution
How to check the integrity of uploaded file
getting the details of the file from the servlet
Include HTML as static resource