[ofbiz-framework] branch release17.12 updated: Fixed: partymgr fails to upload image (OFBIZ-12101)


[ofbiz-framework] branch release17.12 updated: Fixed: partymgr fails to upload image (OFBIZ-12101)

jleroux@apache.org
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new 2d15771  Fixed: partymgr fails to upload image (OFBIZ-12101)
2d15771 is described below

commit 2d15771d56ab1637efa5685799f86a7bb118cee4
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat Dec 26 09:06:02 2020 +0100

    Fixed: partymgr fails to upload image (OFBIZ-12101)
   
    This is a bug caused by OFBIZ-12080: fileToCheck is the complete name of the
    file including its path, not just the filename
   
    Thanks: Wai for report
---
 .../src/main/java/org/apache/ofbiz/security/SecuredUpload.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index d9c0952..fe68a73 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -105,11 +105,13 @@ public class SecuredUpload {
             return true;
         }
 
+        Path p = Paths.get(fileToCheck);
+        String file = p.getFileName().toString();
         if (org.apache.commons.lang3.SystemUtils.IS_OS_WINDOWS) {
             if (fileToCheck.length() > 259) {
                 Debug.logError("Uploaded file name too long", MODULE);
                 return false;
-            } else if (!fileToCheck.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
+            } else if (!file.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
                 Debug.logError("Uploaded file "
                         + " should contain only Alpha-Numeric characters, only 1 dot as an input for the file name and the extension."
                         + "The file name and the extension should not be empty at all",
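Review bot: The `.` in `file.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")` is an unescaped regex metacharacter, so any character is accepted in that position and a dot-less name of three or more alphanumerics passes, which contradicts the "only 1 dot" rule stated in the log message; the `{1,4086}` pattern in the second hunk has the same issue. Escaping it in both places, e.g. `file.matches("[a-zA-Z0-9]{1,249}\\.[a-zA-Z0-9]{1,10}")`, makes the check match its description. Also in this hunk, `Paths.get(fileToCheck)` can throw `InvalidPathException` and `p.getFileName()` returns null for a path with no name elements, so a malformed name would raise instead of returning false unless a caller outside the hunk handles it; a guard such as `if (p.getFileName() == null) return false;` before `toString()` would keep the reject-by-return behaviour. The enclosing method starts before and continues after the hunk.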
@@ -120,7 +122,7 @@ public class SecuredUpload {
             if (fileToCheck.length() > 4096) {
                 Debug.logError("Uploaded file name too long", MODULE);
                 return false;
-            } else if (!fileToCheck.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) {
+            } else if (!file.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) {
                 Debug.logError("Uploaded file "
                         + " should contain only Alpha-Numeric characters, only 1 dot as an input for the file name and the extension."
                         + "Tthe file name and the extension should not be empty at all",
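Review bot: After this change the only test applied to the directory part of `fileToCheck` is `fileToCheck.length() > 4096`, because the allow-list pattern now runs on `file` (the last path component) alone. If any of that directory part can be derived from the request, which is not visible in this hunk, `..` segments would not be rejected here; normalising the path and confirming it stays under the intended upload directory before the name check would close that gap. The `{1,4086}` bound was also sized for the whole path and is now far looser than needed for a single component, so consider checking `file.length()` against a component-sized limit. The Windows branch in the first hunk has the same shape with `259` and `{1,249}`.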