You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/07/29 15:27:25 UTC
[ofbiz-framework] branch release18.12 updated: Fixed: Wrong
uploaded file checked in Image Management (OFBIZ-12297)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 8fb8274 Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
8fb8274 is described below
commit 8fb8274144c7616e6f4ba41d86d7c19bf66a777a
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Thu Jul 29 17:23:39 2021 +0200
Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
When I secured the uploads with OFBIZ-12080 I made a mistake and checked the
wrong uploaded file in Image Management.
---
.../apache/ofbiz/product/imagemanagement/ImageManagementServices.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
index 82b8c54..f06ddee 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
@@ -157,7 +157,7 @@ public class ImageManagementServices {
RandomAccessFile out = new RandomAccessFile(file, "rw");
out.write(imageData.array());
out.close();
- if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+ if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(file.toString(), "Image", delegator)) {
String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
return ServiceUtil.returnError(errorMessage);
}
@@ -181,7 +181,7 @@ public class ImageManagementServices {
RandomAccessFile outFile = new RandomAccessFile(fileOriginal, "rw");
outFile.write(imageData.array());
outFile.close();
- if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+ if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileOriginal.toString(), "Image", delegator)) {
String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
return ServiceUtil.returnError(errorMessage);
}