[ https://issues.apache.org/jira/browse/OFBIZ-12114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17256070#comment-17256070 ]
Jacques Le Roux commented on OFBIZ-12114:
-----------------------------------------
The file is missing in the demo VM at /home/ofbizDemo/trunk/themes/common-theme/webapp/images/products/GZ-1000
Image files there were replaced on 2020/07/05 by
{code:java}
<?xml version=”1.0" standalone=”no”?>
<!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version=”1.1" baseProfile=”full” xmlns=”http://www.w3.org/2000/svg">
<polygon id=”triangle” points=”0,0 0,50 50,0" fill=”#009900" stroke=”#004400"/>
<script type=”text/javascript”>
alert(‘Vulnerable to XSS attacks’);
</script>
</svg>
-----------------------------205302355730027
Content-Disposition: form-data; name="upload_file_type_bogus"
original
{code}
I guess related to OFBIZ-12080.
There are other similar files under /home/ofbizDemo/trunk/themes/common-theme/webapp/images/products/. I'm not sure why this seems to prevent the loading of the files here. I'll try to add a step in the updating script to remove the content of this directory.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
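
A triage check for the situation described in this comment, as an added example that is not part of the original comment or of OFBiz: it walks an image directory and flags files whose leading bytes do not match their extension, or that contain script/SVG markup or multipart form-data residue. The marker list, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leading bytes of the raster formats expected in a product image directory.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
# Markers seen in the replaced files quoted above: active SVG content and
# leftover multipart/form-data framing from the upload request.
MARKERS = {
    "script-element": re.compile(rb"<\s*script", re.I),
    "svg-markup": re.compile(rb"<\s*svg|<!DOCTYPE\s+svg", re.I),
    "multipart-residue": re.compile(rb"Content-Disposition:\s*form-data", re.I),
}

def inspect_file(path, limit=1 << 20):
    """Return the reasons a file looks like a planted non-image (may be empty)."""
    path = Path(path)
    data = path.read_bytes()[:limit]
    reasons = []
    magics = MAGIC.get(path.suffix.lower())
    if magics and not data.startswith(magics):
        reasons.append("magic-mismatch")
    reasons += [name for name, rx in MARKERS.items() if rx.search(data)]
    return reasons

def scan_tree(root):
    """Map each suspicious file under root (relative path) to its reasons."""
    root = Path(root)
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (reasons := inspect_file(p)):
            hits[p.relative_to(root).as_posix()] = reasons
    return hits

def demo():
    """Scan a constructed sample tree: one real PNG header, one planted file."""
    with tempfile.TemporaryDirectory() as d:
        prod = Path(d, "GZ-1000")
        prod.mkdir()
        (prod / "ok.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
        (prod / "sample.jpg").write_bytes(
            b"<svg xmlns='http://www.w3.org/2000/svg'><script>1</script></svg>\n"
            b'Content-Disposition: form-data; name="x"\n')
        return scan_tree(d)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, ", ".join(reasons))
```

Pointing `scan_tree` at an images directory before a cleanup step deletes its contents leaves a record of which files had been replaced.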