From 76f1fcd184dcee7dbec5aeeb083e14b3d4cd84c0 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Sun, 7 Jul 2024 21:52:54 +0000
Subject: [PATCH] Sanitized user-provided file names in HTTP multipart uploads
---
 .../SPDF/controller/api/security/PasswordController.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java b/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
index 8a947c8e0b..7ecad98d02 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
@@ -68,6 +68,7 @@ public ResponseEntity addPassword(@ModelAttribute AddPasswordRequest req
 boolean canModifyAnnotations = request.isCanModifyAnnotations();
 boolean canPrint = request.isCanPrint();
 boolean canPrintFaithful = request.isCanPrintFaithful();
+ System.out.println(Filenames.toSimpleFileName(fileInput.getOriginalFilename()));
 PDDocument document = Loader.loadPDF(fileInput.getBytes());
 AccessPermission ap = new AccessPermission();
 ap.setCanAssembleDocument(!canAssembleDocument);
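Review bot: The added `System.out.println(Filenames.toSimpleFileName(fileInput.getOriginalFilename()));` in `addPassword` only writes the sanitized name to stdout and then discards it, so nothing in this hunk changes how the upload's file name is used afterwards; any later use of `getOriginalFilename()` in the method (its body continues outside the hunk) would still see the raw client-supplied value. If the name is needed, bind it once, `String safeName = Filenames.toSimpleFileName(fileInput.getOriginalFilename());`, and use `safeName` wherever the method builds an output name; if it is not needed, drop the line rather than print request data to stdout from a controller. The diffstat shows a single insertion and no import hunk, so confirm that `Filenames` is already in scope for this file, and check how `toSimpleFileName` behaves when `getOriginalFilename()` returns null.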