Apache
/
poi
mirror of https://github.com/apache/poi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make validateEntryNames use case insensitive check 

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919058 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
PJ Fanning 2024-07-09 09:46:46 +00:00
parent 894ef6e1bd
commit c1d6d0d4a1
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipInputStreamZipEntrySource.java
View File

@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@ -90,6 +91,8 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
* into memory, and don't close (since POI 4.0.1) the source stream.
* We'll then eat lots of memory, but be able to
* work with the entries at-will.
* @throws IOException if an error occurs while reading the zip entries
* @throws InvalidZipException if the input file contains an entry with an empty name or more than 1 entry with the same name
* @see #setThresholdBytesForTempFiles
*/
public ZipInputStreamZipEntrySource(ZipArchiveThresholdInputStream inp) throws IOException {
@ -100,8 +103,12 @@ public class ZipInputStreamZipEntrySource implements ZipEntrySource {
break;
}
String name = zipEntry.getName();
if (name == null || name.isEmpty()) {
throw new InvalidZipException("Input file contains an entry with an empty name");
}
name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
throw new InvalidZipException("Input file contains more than 1 entry with the name " + zipEntry.getName());
}
filenames.add(name);
zipEntries.put(name, new ZipArchiveFakeEntry(zipEntry, inp));

10
poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
View File

@ -21,6 +21,7 @@ import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
@ -257,9 +258,14 @@ public class ZipSecureFile extends ZipFile {
final Enumeration<ZipArchiveEntry> en = getEntries();
final Set<String> filenames = new HashSet<>();
while (en.hasMoreElements()) {
String name = en.nextElement().getName();
final ZipArchiveEntry entry = en.nextElement();
String name = entry.getName();
if (name == null || name.isEmpty()) {
throw new InvalidZipException("Input file contains an entry with an empty name");
}
name = name.toLowerCase(Locale.ROOT);
if (filenames.contains(name)) {
throw new InvalidZipException("Input file contains more than 1 entry with the name " + name);
throw new InvalidZipException("Input file contains more than 1 entry with the name " + entry.getName());
}
filenames.add(name);
}