aspose file tools*
The moose likes Servlets and the fly likes special char in an uploaded file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "special char in an uploaded file" Watch "special char in an uploaded file" New topic
Author

special char in an uploaded file

ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
I have a servlet to let user upload file from their local machine. Before it is uploaded to my app server, I need to make sure there is no malicious characters in it. Can servlet get a ByteStream or InputStream from that local file ? shall I check malicious char from that stream ? After checking I can save that stream to server , does this make sense ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42946
    
  70
What is a "malicious character"? Are the files in question text files? I'm asking because in a binary file, all bytes are possible.

The common file upload libraries (like Apache Commons FileUpload) give you access to the byte[] so that you can examine it to your heart's content.
ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
actually now I am concerned about how to read the file. If the servlet let user specifies their local file by providing a "browse" button to get the file from their PC, can my servlet get a "bufferedReader" from that ? I like to have a "bufferedReader" so I can use "readLine()" to get a string for each line. I don't want to use byte[]. I know that if we have a file saved on local disk, it is easy to get a "bufferedreader" by getting a InputStreamReadeer object first (InputStreamReader cna be created from the file itself). But in the file upload case, I don't know how to get a bufferedreader object from it ?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42946
    
  70
Well, most fundamentally a file consists of bytes. The upload library can't provide you with a Reader, because it doesn't know which encoding the file is in. But the FileUpload library provides you with an InputStream (check the FileItem class), around which you can wrap any Reader you want.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: special char in an uploaded file