This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new 6b1d71d Fixed: Secure the uploads (OFBIZ-12080)
6b1d71d is described below
commit 6b1d71d91a1f8c52bbb72c29f20707b4addd4581
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Fri Mar 26 19:13:07 2021 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Fixes an issue reported by 赖涵 <
[hidden email]>: "Any file upload and delete
in latest Apache OFBiz"
It was a simple syntax error on my side
---
.../src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index ef82c82..9d13ff8 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -217,10 +217,10 @@ public class SecuredUpload {
Path filePath = Paths.get(fileName);
byte[] bytesFromFile = Files.readAllBytes(filePath);
ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile);
- return imageFormat.equals(ImageFormats.PNG)
+ return (imageFormat.equals(ImageFormats.PNG)
|| imageFormat.equals(ImageFormats.GIF)
|| imageFormat.equals(ImageFormats.TIFF)
- || imageFormat.equals(ImageFormats.JPEG)
+ || imageFormat.equals(ImageFormats.JPEG))
&& imageMadeSafe(fileName);
}
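Review bot: The format allow-list and the `imageMadeSafe(fileName)` check still share one multi-line boolean expression, so the rule that every accepted format must also pass sanitisation depends on a single pair of parentheses that a later edit could drop. Assigning the four `imageFormat.equals(...)` comparisons to a local such as `boolean allowedFormat` and ending with `return allowedFormat && imageMadeSafe(fileName);` keeps the same short-circuit order and makes the gate structural. The commit adds no test, and before this change `&&` bound only to the JPEG comparison, so PNG, GIF and TIFF returned true without `imageMadeSafe` being called. A regression test asserting that an input of each of those three formats is rejected when `imageMadeSafe` fails would pin the fix. The method signature and the body of `imageMadeSafe` are outside the hunk, so it cannot be confirmed here whether the file is read again from `fileName` after the in-memory format guess.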