001/* 002 * Copyright 2009 The Kuali Foundation 003 * 004 * Licensed under the Educational Community License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.opensource.org/licenses/ecl2.php 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.kuali.ole.sys.web.struts; 017 018import javax.servlet.http.HttpServletRequest; 019 020import org.apache.commons.lang.StringUtils; 021import org.kuali.rice.kns.web.struts.form.KualiForm; 022import org.kuali.rice.krad.util.KRADConstants; 023 024public class KualiBatchFileAdminForm extends KualiForm { 025 private String filePath; 026 027 /** 028 * @see org.kuali.rice.kns.web.struts.form.KualiForm#populate(javax.servlet.http.HttpServletRequest) 029 */ 030 @Override 031 public void populate(HttpServletRequest request) { 032 super.populate(request); 033 034 if (StringUtils.isBlank(getFilePath())&& 035 StringUtils.isNotBlank(request.getParameter(KRADConstants.QUESTION_INST_ATTRIBUTE_NAME)) && 036 StringUtils.isNotBlank(request.getParameter(KRADConstants.QUESTION_CONTEXT))) { 037 setFilePath(request.getParameter(KRADConstants.QUESTION_CONTEXT)); 038 } 039 040 if (filePath != null && filePath.matches(".*\\.\\.[/\\\\].*")) { 041 throw new RuntimeException("Cannot access parent directory"); 042 } 043 } 044 045 public String getFilePath() { 046 return filePath; 047 } 048 049 public void setFilePath(String filePath) { 050 this.filePath = filePath; 051 } 052}