This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release17.12 by this push:
new 2d15771 Fixed: partymgr fails to upload image (OFBIZ-12101)
2d15771 is described below
commit 2d15771d56ab1637efa5685799f86a7bb118cee4
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Sat Dec 26 09:06:02 2020 +0100
Fixed: partymgr fails to upload image (OFBIZ-12101)
This is a bug due to OFBIZ-12080, fileToCheck is the complete name of the file
with path not the filename
Thanks: Wai for report
---
.../src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index d9c0952..fe68a73 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -105,11 +105,13 @@ public class SecuredUpload {
return true;
}
+ Path p = Paths.get(fileToCheck);
+ String file = p.getFileName().toString();
if (org.apache.commons.lang3.SystemUtils.IS_OS_WINDOWS) {
if (fileToCheck.length() > 259) {
Debug.logError("Uploaded file name too long", MODULE);
return false;
- } else if (!fileToCheck.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
+ } else if (!file.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
Debug.logError("Uploaded file "
+ " should contain only Alpha-Numeric characters, only 1 dot as an input for the file name and the extension."
+ "The file name and the extension should not be empty at all",
@@ -120,7 +122,7 @@ public class SecuredUpload {
if (fileToCheck.length() > 4096) {
Debug.logError("Uploaded file name too long", MODULE);
return false;
- } else if (!fileToCheck.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) {
+ } else if (!file.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) {
Debug.logError("Uploaded file "
+ " should contain only Alpha-Numeric characters, only 1 dot as an input for the file name and the extension."
+ "Tthe file name and the extension should not be empty at all",