fracpete / vfsjfilechooser2 Goto Github PK
View Code? Open in Web Editor NEWUpdated fork of vfsjfilechooser project on sf.net.
License: Apache License 2.0
Updated fork of vfsjfilechooser project on sf.net.
License: Apache License 2.0
Add a "Rename" menu item to the context menu of the file chooser dialog, to
allow renaming of files/folders rather than having to select the item and move
the mouse cursor to get into edit mode.
Original issue reported on code.google.com by fracpete
on 9 Jan 2013 at 1:44
Hi. Thanks for the excellent work. I have two feature requests for the vfsjfilechooser2:
It is strongly desired that the remote host can be connected via SSH Key Authentication. Also, support for SSH proxy server is also grateful.
Type of Issue
Potential Regex Denial of Service (ReDoS)
Description
The vulnerable regular expression is located in
The ReDOS vulnerability can be exploited with the following string
ftp://:@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::
You can execute the following code to reproduce ReDos
import com.googlecode.vfsjfilechooser2.utils.VFSURIValidator;
public class Main {
public static void main(String[] args) {
VFSURIValidator v = new VFSURIValidator();
String _uri = "ftp://:@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::@::";
System.out.println(v.isValid(_uri));
}
}
I think you can limit the input length or modify this regex.
What steps will reproduce the problem?
1. Connecting to any SFTP server
2. Exception is thrown.
There are a couple of problems here.
1. MetalVFSFileChooserUI incorrectly calls getCurrentDirectory() instead of
getCurrentDirectoryObject. Related to your File/FileObject changes.
2. This now works correctly, unless you add a path to the ConnectionDialog.
This is corrected by setting the setUserDirIsRoot configuration to false. Must
be a change in commons-vfs2 behavior. Empty path still works fine.
3. Unrelated misspellings in code (purely cosmetic)
I can't figure out how to create a patch from hg so I've attached the output of
a "hg diff". I'd appreciate it if you could patch and release a new version in
the near future. I've cloned a copy for our internal purposes, which will do
for the interim. Thanks!!
Rajin
Original issue reported on code.google.com by [email protected]
on 16 Jun 2013 at 11:51
Attachments:
What steps will reproduce the problem?
1. Create a FileObject which is not backed by a file:/// URI
2. Create a VFSJFileChooser(FileObject)
java.lang.IllegalArgumentException: URI scheme is not "file"
at java.io.File.<init>(File.java:395)
at com.googlecode.vfsjfilechooser2.utils.DefaultFileObjectConverter.convertFileObject(DefaultFileObjectConverter.java:51)
at com.googlecode.vfsjfilechooser2.VFSJFileChooser.getCurrentDirectory(VFSJFileChooser.java:541)
at com.googlecode.vfsjfilechooser2.plaf.metal.MetalVFSFileChooserUI$DirectoryComboBoxAction.actionPerformed(MetalVFSFileChooserUI.java:1569)
at javax.swing.JComboBox.fireActionEvent(JComboBox.java:1260)
at javax.swing.JComboBox.setSelectedItem(JComboBox.java:588)
at com.googlecode.vfsjfilechooser2.plaf.metal.MetalVFSFileChooserUI.doDirectoryChanged(MetalVFSFileChooserUI.java:804)
at com.googlecode.vfsjfilechooser2.plaf.metal.MetalVFSFileChooserUI.access$600(MetalVFSFileChooserUI.java:94)
at com.googlecode.vfsjfilechooser2.plaf.metal.MetalVFSFileChooserUI$6.propertyChange(MetalVFSFileChooserUI.java:958)
at java.beans.PropertyChangeSupport.fire(PropertyChangeSupport.java:335)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:327)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:263)
at java.awt.Component.firePropertyChange(Component.java:8382)
at com.googlecode.vfsjfilechooser2.VFSJFileChooser.setCurrentDirectoryObject(VFSJFileChooser.java:635)
at com.googlecode.vfsjfilechooser2.VFSJFileChooser.<init>(VFSJFileChooser.java:229)
at com.googlecode.vfsjfilechooser2.VFSJFileChooser.<init>(VFSJFileChooser.java:209)
Defeats the point, a little. :-(
Original issue reported on code.google.com by [email protected]
on 6 Jan 2014 at 6:49
junit should be a test dependency, not a runtime dependency.
\--- com.googlecode.vfsjfilechooser2:vfsjfilechooser2:0.2.5
+--- junit:junit:3.8.2 -> 4.8.2
+--- org.apache.commons:commons-vfs2:2.0
| +--- commons-logging:commons-logging:1.1.1
| +--- org.apache.maven.scm:maven-scm-api:1.4
| | \--- org.codehaus.plexus:plexus-utils:1.5.6
| \--- org.apache.maven.scm:maven-scm-provider-svnexe:1.4
| +--- org.apache.maven.scm:maven-scm-provider-svn-commons:1.4
| | +--- org.apache.maven.scm:maven-scm-api:1.4 (*)
| | \--- org.codehaus.plexus:plexus-utils:1.5.6
| +--- regexp:regexp:1.3
| +--- org.apache.maven.scm:maven-scm-api:1.4 (*)
| \--- org.codehaus.plexus:plexus-utils:1.5.6
\--- commons-io:commons-io:2.1 -> 2.4
Original issue reported on code.google.com by [email protected]
on 5 Jan 2014 at 9:26
What steps will reproduce the problem?
1. Create a file with backslashes in the name (on Linux)
2. open file chooser and go to that location
What is the expected output? What do you see instead?
Instead of seeing content of directory, file chooser is empty.
Original issue reported on code.google.com by fracpete
on 6 Nov 2012 at 7:51
Click on Connections in open window, make an sftp connection in which the password field contains symbol "@". When clicked on connect an error dialog is opened with no error message.
Note: will works fine if %40 is used instead of @
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.