You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/02/23 10:59:17 UTC
[ofbiz-framework] 01/03: Fixed: Trivial change in ProgramExport.groovy, uses the SecuredUpload import
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit f1b967160f56d550a413784ff9fd854b929657d4
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Wed Feb 23 09:31:25 2022 +0100
Fixed: Trivial change in ProgramExport.groovy, uses the SecuredUpload import
No Functional change
Conflicts handled by hand in ProgramExport.groovy
---
framework/webtools/groovyScripts/entity/ProgramExport.groovy | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/framework/webtools/groovyScripts/entity/ProgramExport.groovy b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
index 52a7a03..47923d4 100644
--- a/framework/webtools/groovyScripts/entity/ProgramExport.groovy
+++ b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
@@ -17,6 +17,7 @@
* under the License.
*/
import org.apache.ofbiz.entity.GenericValue
+import org.apache.ofbiz.security.SecuredUpload
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.customizers.ImportCustomizer
@@ -78,7 +79,8 @@ def shell = new GroovyShell(loader, binding, configuration)
if (groovyProgram) {
try {
// Check if a webshell is not uploaded but allow "import"
- if (!org.apache.ofbiz.security.SecuredUpload.isValidText(groovyProgram,["import"])) {
+ if (!SecuredUpload.isValidText(groovyProgram, ["import"])) {
+ logError("================== Not executed for security reason ==================")
request.setAttribute("_ERROR_MESSAGE_", "Not executed for security reason")
return
}