> Hi Guys,
>
> While performing testing of
> https://issues.apache.org/jira/browse/OFBIZ-10746 issue reported a while
> back, I have noticed that if I try uploading a file it now fails for
> different reasons as the file name is being considered invalid
>
> At first glance, it looks like due to fixes introduced recently due to
> below issues
> 1. Secure the uploads (OFBIZ-12080)
> 2. addImageForProduct fails (OFBIZ-12211)
>
> Of course, it could be bypassed for now by setting property
> *allowAllUploads=true
> *security.properties.
>
> However, was wondering if the below code block from class
> *SecuredUpload.java* should have allowed URLs that also contain
> *content.upload.path.prefix* value? same as what is being done for product
> image URLs.
>
>
>
> if (fileToCheck.length() > 4096) {
>                  Debug.logError("Uploaded file name too long", MODULE);
>                  return false;
>              *} else if (p.toString().contains(imageServerUrl)) {*
>                  if (file.matches("[a-zA-Z0-9-_ ()]{1,4086}.[a-zA-Z0-9-_
> ]{1,10}")) { // "(" and ")" for duplicates files
>                      wrongFile = false;
>                  } else if (!file.matches("[a-zA-Z0-9-_
> ]{1,4086}.[a-zA-Z0-9-_ ]{1,10}")) {
>                      wrongFile = false;
>                  }
>              }
>
> Let me know what the thoughts are and if need be happy to raise an issue so
> that it could be tracked
>
>
> Regards,
> Shrilesh K.