For instance, do you use an URL?

Le 15/04/2021 à 11:20, Jacques Le Roux a écrit :
> Hi Shrilesh,
>
> It works for me with files named GCS_009.jpg and GCS_004.jpeg
>
> You mentioned content.upload.path.prefix. Did you set a value there and if yes which one?
>
> Jacques
>
> Le 15/04/2021 à 10:07, Shrilesh Korgaonkar a écrit :
>> Hi Jacques,
>>
>> Step 1: go-to the e-commerce website login as DemoCustomer
>> Step 2: go-to profile page find party content uploaded / File Manager
>> step 3: add/browse a file
>> step 4: Select Purpose - Internal Content/User Defined Content and click to upload
>>
>> you will get the same error
>> the file is getting uploaded but at the end of
>> *DataServices.groovy
>> ---> def attachUploadToDataResource()
>> ---> return saveLocalFileDataResource(parameters.dataResourceTypeId)
>> ---> result = run service: "createAnonFile", with: fileCtx
>> ---> createFileNoPerm
>> ---> createFileMethod(dctx, context);
>> ---> if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(file.getAbsolutePath(), "Text", delegator))
>> ---> return ServiceUtil.returnError(errorMessage);*
>> Due to the issue I talked above
>>
>> I also uploaded that file which I'm using to upload on party content uploaded
>> name of the file which I'm uploading (AAAAJPJ1.JPEG,AAAAJPJ1.png)
>> And ScreenShots of the demo website and I also tried locally
>>
>> Regards,
>> Shrilesh K.
>>
>> On Wed, Apr 14, 2021 at 11:06 PM Jacques Le Roux <[hidden email] <mailto:[hidden email]>> wrote:
>>
>>     Hi Shrilesh,
>>
>>     In which cases exactly the file names are rejected (length, name, etc.) ? We can also consider the content.upload.path.prefix indeed...
>>
>>     Jacques
>>
>>     Le 14/04/2021 à 17:24, Shrilesh Korgaonkar a écrit :
>>     > Hi Guys,
>>     >
>>     > While performing testing of
>>     > https://issues.apache.org/jira/browse/OFBIZ-10746 <https://issues.apache.org/jira/browse/OFBIZ-10746> issue reported a while
>>     > back, I have noticed that if I try uploading a file it now fails for
>>     > different reasons as the file name is being considered invalid
>>     >
>>     > At first glance, it looks like due to fixes introduced recently due to
>>     > below issues
>>     > 1. Secure the uploads (OFBIZ-12080)
>>     > 2. addImageForProduct fails (OFBIZ-12211)
>>     >
>>     > Of course, it could be bypassed for now by setting property
>>     > *allowAllUploads=true
>>     > *security.properties.
>>     >
>>     > However, was wondering if the below code block from class
>>     > *SecuredUpload.java* should have allowed URLs that also contain
>>     > *content.upload.path.prefix* value? same as what is being done for product
>>     > image URLs.
>>     >
>>     >
>>     >
>>     > if (fileToCheck.length() > 4096) {
>>     >                  Debug.logError("Uploaded file name too long", MODULE);
>>     >                  return false;
>>     >              *} else if (p.toString().contains(imageServerUrl)) {*
>>     >                  if (file.matches("[a-zA-Z0-9-_ ()]{1,4086}.[a-zA-Z0-9-_
>>     > ]{1,10}")) { // "(" and ")" for duplicates files
>>     >                      wrongFile = false;
>>     >                  } else if (!file.matches("[a-zA-Z0-9-_
>>     > ]{1,4086}.[a-zA-Z0-9-_ ]{1,10}")) {
>>     >                      wrongFile = false;
>>     >                  }
>>     >              }
>>     >
>>     > Let me know what the thoughts are and if need be happy to raise an issue so
>>     > that it could be tracked
>>     >
>>     >
>>     > Regards,
>>     > Shrilesh K.
>>