Bug#304712: avaMail allows directory traversal in attachments
(CAN-2005-1105)
Florian Weimer
fw at deneb.enyo.de
Wed Apr 25 05:12:42 UTC 2007
* Javier Serrano Polo:
> El dt 24 de 04 del 2007 a les 19:17 +0200, en/na Florian Weimer va
> escriure:
>> I guess the documentation shoud be clarified:
>
> I don't know where that text came from (it's in a previous link, I
> know). From:
It's from the GNU implementation against which this bug report was
filed.
> http://java.sun.com/j2ee/1.4/docs/api/javax/mail/internet/MimeBodyPart.html#getFileName()
>
> Get the filename associated with this body part.
>
> Returns the value of the "filename" parameter from the
> "Content-Disposition" header field of this body part. If its not
> available, returns the value of the "name" parameter from the
> "Content-Type" header field of this body part. Returns null if
> both are absent.
>
> Pretty clear, isn't it?
As far as a specification goes, yes, but it could be more helpful to
those who try to use this API safely.
More information about the pkg-java-maintainers
mailing list