org.apache.commons.fileupload
Class InvalidFileNameException

java.lang.Object
  extended by java.lang.Throwable
      extended by java.lang.Exception
          extended by java.lang.RuntimeException
              extended by org.apache.commons.fileupload.InvalidFileNameException
All Implemented Interfaces:
Serializable

public class InvalidFileNameException
extends RuntimeException

This exception is thrown in case of an invalid file name. A file name is invalid, if it contains a NUL character. Attackers might use this to circumvent security checks: For example, a malicious user might upload a file with the name "foo.exe\0.png". This file name might pass security checks (i.e. checks for the extension ".png"), while, depending on the underlying C library, it might create a file named "foo.exe", as the NUL character is the string terminator in C.

See Also:
Serialized Form

Constructor Summary
InvalidFileNameException(String pName, String pMessage)
          Creates a new instance.
 
Method Summary
 String getName()
          Returns the invalid file name.
 
Methods inherited from class java.lang.Throwable
fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

InvalidFileNameException

public InvalidFileNameException(String pName,
                                String pMessage)
Creates a new instance.

Parameters:
pName - The file name causing the exception.
pMessage - A human readable error message.
Method Detail

getName

public String getName()
Returns the invalid file name.



Copyright © 2002-2010 The Apache Software Foundation. All Rights Reserved.