This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new e3ec08b Fixed: Secure the uploads (OFBIZ-12080)
e3ec08b is described below
commit e3ec08bddcbfbf0ffe68b0579c5b29b022baa196
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Mar 26 19:13:07 2021 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Fixes an issue reported by 赖涵 <1044309...@qq.com>: "Any file upload and
delete
in latest Apache OFBiz"
It was a simple syntax error on my side
---
.../src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index caab84c..aa2ce62 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -217,10 +217,10 @@ public class SecuredUpload {
Path filePath = Paths.get(fileName);
byte[] bytesFromFile = Files.readAllBytes(filePath);
ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile);
- return imageFormat.equals(ImageFormats.PNG)
+ return (imageFormat.equals(ImageFormats.PNG)
|| imageFormat.equals(ImageFormats.GIF)
|| imageFormat.equals(ImageFormats.TIFF)
- || imageFormat.equals(ImageFormats.JPEG)
+ || imageFormat.equals(ImageFormats.JPEG))
&& imageMadeSafe(fileName);
}
