Package org.primefaces.util
Class FileUploadUtils
java.lang.Object
org.primefaces.util.FileUploadUtils
Utilities for FileUpload components.
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
checkPathTraversal
(String relativePath) OWASP prevent directory path traversal of "../../image.png".protected static String
convertJavaScriptRegex
(String jsRegex) Converts a JavaScript regular expression like '/(\.|\/)(gif|jpe?g|png)$/i' to the Java usable format '(\\.|\\/)(gif|jpe?g|png)$'static <T extends javax.servlet.http.HttpServletRequest>
PathgetChunkDir
(T request) static <T extends javax.servlet.http.HttpServletRequest>
FileUploadChunkDecoder<T>getFileUploadChunkDecoder
(T request) static String
getValidFilename
(String filename) static String
getValidFilePath
(String filePath) static boolean
static boolean
isValidType
(PrimeApplicationContext context, FileUpload fileUpload, UploadedFile uploadedFile) Check if an uploaded file meets all specifications regarding its filename and content type.listChunks
(Path path) listChunks
(T request) static void
performVirusScan
(javax.faces.context.FacesContext facesContext, UploadedFile file) static void
tryValidateFile
(javax.faces.context.FacesContext context, FileUpload fileUpload, UploadedFile uploadedFile) static void
tryValidateFiles
(javax.faces.context.FacesContext context, FileUpload fileUpload, List<UploadedFile> files)
-
Method Details
-
getValidFilename
-
getValidFilePath
public static String getValidFilePath(String filePath) throws org.primefaces.shaded.owasp.ValidationException - Throws:
org.primefaces.shaded.owasp.ValidationException
-
isSystemWindows
public static boolean isSystemWindows() -
isValidType
public static boolean isValidType(PrimeApplicationContext context, FileUpload fileUpload, UploadedFile uploadedFile) Check if an uploaded file meets all specifications regarding its filename and content type. It evaluatesFileUploadBase.getAllowTypes()
as well asFileUploadBase.getAccept()
and uses the installedFileTypeDetector
implementation. For most reliable content type checking it's recommended to plug in Apache Tika as an implementation.- Parameters:
context
- thePrimeApplicationContext
fileUpload
- theFileUpload
componentuploadedFile
- the details of the uploaded file- Returns:
true
, if all validations regarding filename and content type passed,false
else
-
convertJavaScriptRegex
Converts a JavaScript regular expression like '/(\.|\/)(gif|jpe?g|png)$/i' to the Java usable format '(\\.|\\/)(gif|jpe?g|png)$'- Parameters:
jsRegex
- the client side JavaScript regex- Returns:
- the Java converted version of the regex
-
performVirusScan
public static void performVirusScan(javax.faces.context.FacesContext facesContext, UploadedFile file) throws VirusException - Throws:
VirusException
-
tryValidateFile
public static void tryValidateFile(javax.faces.context.FacesContext context, FileUpload fileUpload, UploadedFile uploadedFile) throws javax.faces.validator.ValidatorException - Throws:
javax.faces.validator.ValidatorException
-
tryValidateFiles
public static void tryValidateFiles(javax.faces.context.FacesContext context, FileUpload fileUpload, List<UploadedFile> files) -
checkPathTraversal
OWASP prevent directory path traversal of "../../image.png".- Parameters:
relativePath
- the relative path to check for path traversal- Returns:
- the relative path
- Throws:
javax.faces.FacesException
- if any error is detected- See Also:
-
listChunks
-
listChunks
-
getFileUploadChunkDecoder
public static <T extends javax.servlet.http.HttpServletRequest> FileUploadChunkDecoder<T> getFileUploadChunkDecoder(T request) -
getChunkDir
-