<AWT Dev> Fwd: [8] Review request for 6550588: java.awt.Desktop cannot open file with Windows UNC filename

Mon Mar 4 02:16:10 PST 2013

It seems that file name escaping by ["] is better solution.
http://www.speechcomputing.com/node/2577

>     private static boolean isQuoted(String arg, String errorMessage) {
>         int lastPos = arg.length() - 1;
>         if (lastPos >=1 && arg.charAt(0) == '"' && arg.charAt(lastPos) 
> == '"') {
>             // The argument has already been quoted.
>             if (arg.indexOf('"', 1) != lastPos) {
>                 // There is ["] inside.
>                 throw new IllegalArgumentException(errorMessage);
>             }
>             return true;
>         }
>         if (arg.indexOf('"') >= 0) {
>             // There is ["] inside.
>             throw new IllegalArgumentException(errorMessage);
>         }
>         return false;
>     }
>
>     private static String getExecutablePath(File file)
>         throws IOException
>     {
>         String path = file.getPath();
>         boolean pathIsQuoted = isQuoted(path,
>                 "File name has embedded quote");
>         return pathIsQuoted
>             ? path
>             : ("\"" + path + "\"");
>     }

  this.ShellExecute(getExecutablePath(file), ACTION_XXXX_VERB);

That reduces the injection scenario and is more compatible with 
[ShellExecute] spec:
http://msdn.microsoft.com/en-gb/library/windows/desktop/bb762153%28v=vs.85%29.aspx

Regards,
-uta

On 01.03.2013 19:17, Artem Ananiev wrote:
>
> Your comments are welcome ;)
>
> Thanks,
>
> Artem
>
> -------- Original Message --------
> Subject:     <AWT Dev> [8] Review request for 6550588: java.awt.Desktop
> cannot open file with Windows UNC filename
> Date:     Fri, 01 Mar 2013 18:38:03 +0400
> From:     Anton Litvinov <anton.litvinov at oracle.com>
> Organization:     Oracle Corporation
> To:     awt-dev at openjdk.java.net
>
>
>
> Hello,
>
> Please review the following fix for a bug.
>
> Bug: http://bugs.sun.com/view_bug.do?bug_id=6550588
> Webrev: http://cr.openjdk.java.net/~alitvinov/6550588/webrev.00
>
> The bug consists in inability to open a file with Windows UNC pathname
> by means of "java.awt.Desktop.open" method. The solution adds code to
> "sun.awt.windows.WDesktopPeer" class which modifies URI received as a
> result of a call to "java.io.File.toURI" method to make it satisfy the
> requirements of Windows API concerning a number of consecutive '/'
> characters following a scheme part of URI. Also regression tests related
> to "java.awt.Desktop" were run on Windows XP and Windows 7, no negative
> changes were detected.
>
> A comment with the latest information about the analysis of this issue
> was added to the bug's page, but it is not available at
> "http://bugs.sun.com" yet, because of the time required for
> synchronization. Therefore it is provided below.
>
> The comment:
>
>     During analysis of this bug the following facts were defined:
>     1. URI strings constructed from Windows UNC pathnames like former
>     mentioned "\\host\path\to\f i l e.txt" can still be handled by
>     "ShellExecute()" Windows Shell function, if the URI string is not
>     encoded. Presence of space characters in the URI string does not
>     make the function fail, for example "file:////host/path/to/f i l
>     e.txt" can be successfully processed by "ShellExecute()" function.
>     2. Windows API is designed to handle URI strings with "file"
>     protocol scheme correctly, when the strings have certain number of
>     '/' characters after the scheme name:
>          - 2 slashes for URI converted from a Windows UNC pathname. For
>     example, "\\host\path\to\f i l e.txt" corresponds to the URI
>     "file://host/path/to/f%20i%20l%20e.txt".
>          - 3 slashes for URI converted from a local Windows file path.
>     For example, "C:\Temp Dir\f i l e.txt" corresponds to the URI
>     "file:///C:/Temp%20Dir/f%20i%20l%20e.txt".
>          This fact is described in the article at the following URL
>
> (http://blogs.msdn.com/b/ie/archive/2006/12/06/file-uris-in-windows.aspx). 
>
>
>     3. Current implementation of the class "java.io.File" converts
>     abstract file names to URI in the following way:
>          - "C:\Temp\File.txt" -> "file:/C:/Temp/File.txt".
>          - "\\host\SharedFolder\Temp\File.txt" ->
>     "file:////host/SharedFolder/Temp/File.txt".
>
>     Since "java.io.File" is cross-platform and stable, perhaps,
>     additional modification of the URI string to the format expected by
>     Windows API can be implemented in Windows specific part of
>     "java.awt.Desktop" class.
>
> Thank you,
> Anton
>
>
>
>