Skip to content

Fix case-insensitive ZIP entry matching in ZipFileZipEntrySource under Turkish Locale#1136

Merged
pjfanning merged 6 commits into
apache:trunkfrom
kali834x:fix-zip-file-entry-source-turkish-locale
Jun 12, 2026
Merged

Fix case-insensitive ZIP entry matching in ZipFileZipEntrySource under Turkish Locale#1136
pjfanning merged 6 commits into
apache:trunkfrom
kali834x:fix-zip-file-entry-source-turkish-locale

Conversation

@kali834x

@kali834x kali834x commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

ZipFileZipEntrySource.getEntry() performs case-insensitive matching of ZIP entry names. However, its implementation is inconsistent with ZipInputStreamZipEntrySource, which normalizes names using toLowerCase(Locale.ROOT) before lookup.

Since OPC ZIP entry names are standardized and should be compared using locale-independent ASCII semantics, both implementations should use the same normalization strategy to ensure consistent behavior across entry source types.

This PR aligns ZipFileZipEntrySource with ZipInputStreamZipEntrySource by normalizing names using toLowerCase(Locale.ROOT). A unit test is added to verify consistent case-insensitive lookups and to guard against locale-related regressions, including under the Turkish locale.

@pjfanning

pjfanning commented Jun 12, 2026

Copy link
Copy Markdown
Member

forbidden apis used

Forbidden method invocation: java.util.Locale#getDefault() [Do not use methods that depend on the current Locale, either use Locale.ROOT or let the user define the locale, see class LocaleUtil for details]

  in org.apache.poi.openxml4j.util.TestZipSecureFile (TestZipSecureFile.java:295)
> Task :poi-ooxml:forbiddenApisTest FAILED
Forbidden method invocation: java.util.Locale#setDefault(java.util.Locale) [Do not use methods that depend on the current Locale, either use Locale.ROOT or let the user define the locale, see class LocaleUtil for details]

  in org.apache.poi.openxml4j.util.TestZipSecureFile (TestZipSecureFile.java:297)
Forbidden method invocation: java.util.Locale#setDefault(java.util.Locale) [Do not use methods that depend on the current Locale, either use Locale.ROOT or let the user define the locale, see class LocaleUtil for details]
  in org.apache.poi.openxml4j.util.TestZipSecureFile (TestZipSecureFile.java:317)
Forbidden method invocation: java.util.Locale#setDefault(java.util.Locale) [Do not use methods that depend on the current Locale, either use Locale.ROOT or let the user define the locale, see class LocaleUtil for details]
  in org.apache.poi.openxml4j.util.TestZipSecureFile (TestZipSecureFile.java:317)
Scanned 369 class file(s) for forbidden API invocations (in 4.12s), 4 error(s).

@sahvx655-wq

sahvx655-wq commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

I have updated the code and pushed the changes to address the Forbidden APIs check failure

@pjfanning

pjfanning commented Jun 12, 2026

Copy link
Copy Markdown
Member

@kali834x there were some issues that I committed fixes for. Could you review them?

@sahvx655-wq

sahvx655-wq commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

I reviewed the changes and ran TestZipSecureFile locally:
./gradlew :poi-ooxml:test --tests org.apache.poi.openxml4j.util.TestZipSecureFile
The test passed successfully with the latest changes

@pjfanning pjfanning merged commit 4644d25 into apache:trunk Jun 12, 2026
1 check passed
@pjfanning

pjfanning commented Jun 12, 2026

Copy link
Copy Markdown
Member

merged - thanks

@pjfanning pjfanning mentioned this pull request Jun 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kali834x @pjfanning @sahvx655-wq