[ https://issues.apache.org/jira/browse/OFBIZ-9973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16245393#comment-16245393 ]
Jacques Le Roux commented on OFBIZ-9973:
----------------------------------------
At revision: 1814709 in trunk and r1814710 in R16.11 I slightly improved (not sure it really has an impact but was pressed by FB ;))
I missed encoding the request parameter prior to using the canonical pathname.
Nevertheless Findbugs continues to complain about missing canonical pathname.
I tried
{code}
String safePath = (new File(imageServerPath + "/" + productId + "/" + imageName)).getCanonicalPath();
BufferedImage bufImg1 = ImageIO.read(FileUtil.getFile(safePath));
{code}
instead of
{code}
BufferedImage bufImg1 = ImageIO.read(new File(imageServerPath + "/" + productId + "/" + imageName).getCanonicalFile());
{code}
Same Findbugs report, I consider it's a false positive and keep the simpler latter.
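An added example, not taken from the OFBiz code base or from the comment above: when a path is built from request parameters such as `productId` and `imageName`, canonicalization is normally paired with a check that the canonical result still lies under the base directory. The class name, method name and sample values are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example; class, method and sample values are hypothetical, not OFBiz code.
public class ImagePathCheck {

    /**
     * Builds imageServerPath/productId/imageName, canonicalizes it and
     * rejects the result if it no longer lies under imageServerPath.
     */
    static File resolveUnderBase(String imageServerPath, String productId, String imageName)
            throws IOException {
        File base = new File(imageServerPath).getCanonicalFile();
        File candidate = new File(new File(base, productId), imageName).getCanonicalFile();
        // Path.startsWith compares whole name elements, so /data/images-old
        // is not treated as being inside /data/images.
        if (!candidate.toPath().startsWith(base.toPath())) {
            throw new IOException("Resolved path is outside the image directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data in a temporary directory.
        Path base = Files.createTempDirectory("images");
        Files.createDirectories(base.resolve("10110"));
        Files.createFile(base.resolve("10110").resolve("front.jpg"));

        System.out.println("accepted: "
                + resolveUnderBase(base.toString(), "10110", "front.jpg"));

        try {
            // Constructed parameter whose ".." segments resolve above the base.
            resolveUnderBase(base.toString(), "10110", "../../outside.jpg");
            System.out.println("unexpectedly accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```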