com.atlassian.confluence.servlet.download

Class DefaultAttachmentSafeContentHeaderGuesser

java.lang.Object

com.atlassian.confluence.servlet.download.DefaultAttachmentSafeContentHeaderGuesser

All Implemented Interfaces:

SafeContentHeaderGuesser

public class DefaultAttachmentSafeContentHeaderGuesser
extends Object
implements SafeContentHeaderGuesser

Constructor Summary

Constructors

Constructor and Description
DefaultAttachmentSafeContentHeaderGuesser()

Method Summary

Modifier and Type	Method and Description
Map<String,String>	computeAttachmentHeaders(InputStream contents, String contentType, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String> httpQueryParams) Deprecated.
Map<String,String>	computeAttachmentHeaders(String contentType, InputStream contents, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String[]> httpQueryParams) Returns a map of headers with their values.
Map<String,String>	computeAttachmentHeaders(String contentType, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String> httpQueryParams) Deprecated.
void	setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
void	setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAttachmentSafeContentHeaderGuesser

public DefaultAttachmentSafeContentHeaderGuesser()

Method Detail

computeAttachmentHeaders

public Map<String,String> computeAttachmentHeaders(String contentType,
                                                   InputStream contents,
                                                   String name,
                                                   String userAgent,
                                                   long contentLength,
                                                   boolean hasXsrfToken,
                                                   Map<String,String[]> httpQueryParams)
                                            throws IOException

Description copied from interface: SafeContentHeaderGuesser

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.

The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Specified by:

computeAttachmentHeaders in interface SafeContentHeaderGuesser

Parameters:

contentType - the existing content-type that the attachment has.

contents - attachment contents

name - the filename of the attachment

userAgent - the user agent of the client requesting the attachment

contentLength - the length of the attachment

httpQueryParams - a map of the http query parameters

Returns:

a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.

Throws:

IOException - if the attachments contents could not be read

computeAttachmentHeaders

@Deprecated
public Map<String,String> computeAttachmentHeaders(InputStream contents,
                                                               String contentType,
                                                               String name,
                                                               String userAgent,
                                                               long contentLength,
                                                               boolean hasXsrfToken,
                                                               Map<String,String> httpQueryParams)

Deprecated.

Description copied from interface: SafeContentHeaderGuesser

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.

The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Specified by:

computeAttachmentHeaders in interface SafeContentHeaderGuesser

Parameters:

contents - attachment contents

contentType - the existing content-type that the attachment has.

name - the filename of the attachment

userAgent - the user agent of the client requesting the attachment

contentLength - the length of the attachment

httpQueryParams - a map of the http query parameters.

Returns:

a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.

computeAttachmentHeaders

@Deprecated
public Map<String,String> computeAttachmentHeaders(String contentType,
                                                               String name,
                                                               String userAgent,
                                                               long contentLength,
                                                               boolean hasXsrfToken,
                                                               Map<String,String> httpQueryParams)

Deprecated.

Description copied from interface: SafeContentHeaderGuesser

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.

The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Specified by:

computeAttachmentHeaders in interface SafeContentHeaderGuesser

Parameters:

contentType - the existing content-type that the attachment has.

name - the filename of the attachment

userAgent - the user agent of the client requesting the attachment

contentLength - the length of the attachment

httpQueryParams - a map of the http query parameters.

Returns:

a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.

setMimeTypeTranslator

public void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)

setContentTypeAndDispositionHeaderBlacklist

public void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)