You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2021/07/29 15:27:26 UTC

[ofbiz-framework] branch trunk updated: Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 7f065bc  Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
7f065bc is described below

commit 7f065bc753e188ac679ae3e1d36675c75dc68bd4
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Thu Jul 29 17:23:39 2021 +0200

    Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
    
    When I secured the uploads with OFBIZ-12080 I made a mistake and checked the
    wrong uploaded file in Image Management.
---
 .../apache/ofbiz/product/imagemanagement/ImageManagementServices.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
index 793853a..b0f1599 100644
--- a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
+++ b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
@@ -159,7 +159,7 @@ public class ImageManagementServices {
                     RandomAccessFile out = new RandomAccessFile(file, "rw");
                     out.write(imageData.array());
                     out.close();
-                    if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+                    if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(file.toString(), "Image", delegator)) {
                         String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
                         return ServiceUtil.returnError(errorMessage);
                     }
@@ -183,7 +183,7 @@ public class ImageManagementServices {
                     RandomAccessFile outFile = new RandomAccessFile(fileOriginal, "rw");
                     outFile.write(imageData.array());
                     outFile.close();
-                    if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", delegator)) {
+                    if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileOriginal.toString(), "Image", delegator)) {
                         String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
                         return ServiceUtil.returnError(errorMessage);
                     }