
체크개발자's Blog

File path handling (\, /)

체크개발자 2017. 7. 6. 16:57

In Java, this was done with replaceAll("\\\\","/");


When a file download has a Header Manipulation vulnerability, strip CR and LF:

replaceAll("\r","");

replaceAll("\n","");




File file1 = new File(inputPath); // inputPath: the input path string

String S_NEW_FILE_PATH = file1.getAbsolutePath().replaceAll("\\\\", "/"); // new File(...) is never null, so no null check is needed





/*

            application/pdf

            application/vnd.ms-word

            application/vnd.ms-xls

            application/vnd.ms-powerpoint

*/

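            String strClient = request.getHeader("user-agent");
            if (strClient == null) strClient = ""; // getHeader returns null when the header is absent

            String attachment = "inline".equals(request.getParameter("S_MODE")) ? "inline; " : "attachment; ";

            // Remove the Header Manipulation vulnerability: strip CR and LF.
            // The escapes are "\r" and "\n"; "/r" and "/n" would only match a slash followed by a letter.
            attachment = attachment.replaceAll("\r", "");
            attachment = attachment.replaceAll("\n", "");
            // attachment is one of two constants; downFileName also goes into the header, so strip CR/LF from it too.
            downFileName = downFileName.replaceAll("[\\r\\n]", "");

            if (strClient.indexOf("MSIE 5.5") != -1)
            {
                response.setHeader("Content-Disposition", ("inline; ".equals(attachment) ? attachment : "") + "filename=" + downFileName + ";");
            }
            else
            {
                response.setHeader("Content-Disposition", attachment + "filename=" + downFileName + ";");
            }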
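
A fuller version of the header clean-up above, as an added example that is not part of the original post: it removes control characters from the file name rather than from the constant disposition prefix, quotes the name, and adds the RFC 5987 filename* form. The class and method names are hypothetical, and URLEncoder.encode(String, Charset) assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class ContentDispositionExample {
    // Hypothetical helper: builds a Content-Disposition value that cannot
    // contain CR/LF or break out of the quoted filename parameter.
    static String build(String mode, String rawName) {
        // Allowlist the disposition type instead of echoing the parameter.
        String type = "inline".equals(mode) ? "inline" : "attachment";

        String name = rawName == null ? "" : rawName;
        // Normalize separators as the post does, then keep only the last segment.
        name = name.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        // Drop every control character, CR (\r) and LF (\n) included.
        name = name.replaceAll("\\p{Cntrl}", "");
        if (name.isEmpty()) {
            name = "download";
        }

        // ASCII fallback for old clients: a double quote would end the
        // quoted-string, and non-ASCII characters are not valid there.
        String ascii = name.replaceAll("[^\\x20-\\x7E]|\"", "_");
        // RFC 5987 form for UTF-8 names. URLEncoder writes space as '+' and
        // leaves '*' alone; neither is a valid attr-char, so fix both.
        String encoded = URLEncoder.encode(name, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A");

        return type + "; filename=\"" + ascii + "\"; filename*=UTF-8''" + encoded;
    }

    public static void main(String[] args) {
        // Constructed inputs: a Windows path, a name carrying CR/LF, a Korean name.
        String[] samples = {
            "C:\\upload\\report.pdf",
            "q1.pdf\r\nX-Injected: 1",
            "보고서 \"최종\".xls"
        };
        for (String s : samples) {
            String header = build("attachment", s);
            if (header.contains("\r") || header.contains("\n")) {
                throw new IllegalStateException("CR/LF reached the header");
            }
            System.out.println("Content-Disposition: " + header);
        }
    }
}
```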



I tried with the following regex, but it didn't work.

myString.replaceAll("\", "/");

Exception:

java.util.regex.PatternSyntaxException: Unexpected internal error near index 1
\
 ^
    at java.util.regex.Pattern.error(Unknown Source)
    at java.util.regex.Pattern.compile(Unknown Source)
    at java.util.regex.Pattern.<init>(Unknown Source)
    at java.util.regex.Pattern.compile(Unknown Source)
    at java.lang.String.replaceAll(Unknown Source)

To convert to Unix separators for file path, you may want to have a look at apache common-io commons.apache.org/io/api-1.4/org/apache/commons/io/… – gigadot Dec 28 '10 at 6:32 
   
thanx, that was exactly what I needed! – newbie Dec 28 '10 at 7:13

Your code should not even compile.

"\" escapes the " so that the string continues. Writing String h = "\"hello\""; makes the string h contain "hello".

If we then change it to "\\" (escaping the backslash) we run into another problem. The regular expression then tries to escape the next character. For example writing "\\d+" is a valid regular expression (matching digits).

In your case however you do not need regular expressions at all. Just use the replace(char, char) method of the string, it replaces all characters.

myString.replace('\\', '/');

By the way, if you are replacing paths, you should look at File.separator to get the systems path separator character.

This is the best answer by far (+1). Use regular expressions if and only if you need them. String.replace(char, char) and String.replace(CharSequence, CharSequence) should be used in 80% of cases where people use String.replaceAll(). – Sean Patrick Floyd Dec 28 '10 at 9:04

Sometimes you need 4 slashes, because backslash is an escape character for regex as well. Try

myString.replaceAll("\\\\", "/");



https://stackoverflow.com/questions/4544121/how-can-i-replace-with-in-java
