From e8b2a94b3f14eab7c36a99675eaad94395854895 Mon Sep 17 00:00:00 2001
From: Nicolas Micoud <58596990+nmicoud@users.noreply.github.com>
Date: Mon, 18 Jul 2022 15:26:34 +0200
Subject: [PATCH] IDEMPIERE-5348 : Validation of filenames (#1398)

---
 .../src/org/compiere/tools/FileUtil.java       |  5 ++++-
 .../src/org/compiere/util/Util.java            | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/org.adempiere.base/src/org/compiere/tools/FileUtil.java b/org.adempiere.base/src/org/compiere/tools/FileUtil.java
index 55c162f133..06813b56e3 100644
--- a/org.adempiere.base/src/org/compiere/tools/FileUtil.java
+++ b/org.adempiere.base/src/org/compiere/tools/FileUtil.java
@@ -471,11 +471,14 @@ public class FileUtil
             throw new IllegalArgumentException("Prefix string \"" + prefix +
                 "\" too short: length must be at least 3");
         }
+
+        prefix = Util.setFilenameCorrect(prefix);
+
         if (suffix == null)
             suffix = ".tmp";
 
         Calendar cal = Calendar.getInstance();
-		SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+		SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmssSSS");
 		String dt = sdf.format(cal.getTime());
 		String tmpdirname = (directory != null) ? directory.getCanonicalPath() : System.getProperty("java.io.tmpdir");
 		tmpdirname += System.getProperty("file.separator") + "rpttmp_" + dt + "_" + Env.getContext(Env.getCtx(), Env.AD_SESSION_ID) + System.getProperty("file.separator");
diff --git a/org.adempiere.base/src/org/compiere/util/Util.java b/org.adempiere.base/src/org/compiere/util/Util.java
index eb7f5dd117..06e31addfe 100644
--- a/org.adempiere.base/src/org/compiere/util/Util.java
+++ b/org.adempiere.base/src/org/compiere/util/Util.java
@@ -25,6 +25,7 @@ import java.sql.Timestamp;
 import java.text.AttributedCharacterIterator;
 import java.text.AttributedString;
 import java.text.Normalizer;
+import java.text.Normalizer.Form;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.HashSet;
@@ -748,4 +749,21 @@ public class Util
 			}
 		}
 	}
+
+	/**
+	 * Make the filename correct (updating all unauthorized characters to safe ones)
+	 * @param the filename to check
+	 * @returns the correct filename
+	 */
+	public static String setFilenameCorrect(String input) {
+		String output = Normalizer.normalize(input, Form.NFD).replaceAll("\\p{InCombiningDiacriticalMarks}+", "");
+		output = output.replaceAll("/" , "-");
+		output = output.replaceAll(":" , "-");
+		output = output.replaceAll("\\*" , "-");
+		output = output.replaceAll("<" , "-");
+		output = output.replaceAll(">" , "-");
+		output = output.replaceAll("%" , "-");
+		return output.trim();
+	}
+
 }   //  Util