Index: /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java =================================================================== --- /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java (revision 1376) +++ /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java (revision 1377) @@ -114,5 +114,5 @@ String typeStr = request.getParameter("Type"); String currentFolderStr = request.getParameter("CurrentFolder"); - + boolean validPath = Utils.isValidPath(currentFolderStr); // TODO untersuchen wie es vom Res Browser kommt String currentPath = constructTypeBasedFolderString(typeStr, currentFolderStr); @@ -121,5 +121,5 @@ File currentDir = new File(currentDirPath); if (!currentDir.exists()) { - currentDir.mkdir(); + currentDir.mkdirs(); logger.debug("Dir successfull created: " + currentDirPath); } Index: /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/Utils.java =================================================================== --- /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/Utils.java (revision 1376) +++ /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/Utils.java (revision 1377) @@ -24,4 +24,6 @@ import java.util.Set; import java.util.StringTokenizer; + +import org.apache.commons.io.FilenameUtils; /** @@ -119,5 +121,5 @@ // TODO code isn't very beautiful, is there a better way besides looping through the filename? - static String forceSingleExtension (final String filename) { + public static String forceSingleExtension (final String filename) { int lastDotPosition = filename.lastIndexOf("."); @@ -129,8 +131,22 @@ } - static boolean isSingleExtension (final String filename) { + public static boolean isSingleExtension (final String filename) { return filename.matches("[^\\.]+\\.[^\\.]+"); } + + public static boolean isValidPath (final String path) { + + if (isEmpty(path)) + return false; + + if (!path.startsWith("/")) + return false; + + if (isEmpty(FilenameUtils.normalize(path))) + return false; + + return true; + } } Index: /FCKeditor.Java/branches/2.4/src/test/java/net/fckeditor/tool/UtilsTest.java =================================================================== --- /FCKeditor.Java/branches/2.4/src/test/java/net/fckeditor/tool/UtilsTest.java (revision 1376) +++ /FCKeditor.Java/branches/2.4/src/test/java/net/fckeditor/tool/UtilsTest.java (revision 1377) @@ -146,3 +146,51 @@ assertEquals("hacked_.txt", actual); } + + @Test + public void isValidPath01 () { + String path = ""; + boolean condition = !Utils.isValidPath(path); + assertTrue(condition); + } + @Test + public void isValidPath02 () { + String path = "/"; + boolean condition = Utils.isValidPath(path); + assertTrue(condition); + } + + @Test + public void isValidPath03 () { + String path = "/./"; + boolean condition = Utils.isValidPath(path); + assertTrue(condition); + } + + @Test + public void isValidPath04 () { + String path = "/newf/.."; + boolean condition = Utils.isValidPath(path); + assertTrue(condition); + } + + @Test + public void isValidPath05 () { + String path = "/../"; + boolean condition = !Utils.isValidPath(path); + assertTrue(condition); + } + + @Test + public void isValidPath06 () { + String path = "/stuff/../.."; + boolean condition = !Utils.isValidPath(path); + assertTrue(condition); + } + + @Test + public void isValidPath07 () { + String path = "/my/stuff/.."; + boolean condition = Utils.isValidPath(path); + assertTrue(condition); + } }