You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/07/29 15:27:26 UTC
[ofbiz-framework] branch trunk updated: Fixed: Wrong uploaded file
checked in Image Management (OFBIZ-12297)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7f065bc Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
7f065bc is described below
commit 7f065bc753e188ac679ae3e1d36675c75dc68bd4
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Thu Jul 29 17:23:39 2021 +0200
Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
When I secured the uploads with OFBIZ-12080 I made a mistake and checked the
wrong uploaded file in Image Management.
---
.../apache/ofbiz/product/imagemanagement/ImageManagementServices.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
index 793853a..b0f1599 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
@@ -159,7 +159,7 @@ public class ImageManagementServices {
RandomAccessFile out = new RandomAccessFile(file, "rw");
out.write(imageData.array());
out.close();
- if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+ if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(file.toString(), "Image", delegator)) {
String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
return ServiceUtil.returnError(errorMessage);
}
@@ -183,7 +183,7 @@ public class ImageManagementServices {
RandomAccessFile outFile = new RandomAccessFile(fileOriginal, "rw");
outFile.write(imageData.array());
outFile.close();
- if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+ if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileOriginal.toString(), "Image", delegator)) {
String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
return ServiceUtil.returnError(errorMessage);
}