[ofbiz-framework] branch release18.12 updated: Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)

jleroux Thu, 29 Jul 2021 08:27:29 -0700

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git



The following commit(s) were added to refs/heads/release18.12 by this push:
     new 8fb8274  Fixed: Wrong uploaded file checked in Image Management 
(OFBIZ-12297)
8fb8274 is described below

commit 8fb8274144c7616e6f4ba41d86d7c19bf66a777a
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Jul 29 17:23:39 2021 +0200

    Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)
    
    When I secured the uploads with OFBIZ-12080 I made a mistake and checked the
    wrong uploaded file in Image Management.
---
 .../apache/ofbiz/product/imagemanagement/ImageManagementServices.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git 
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
 
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
index 82b8c54..f06ddee 100644
--- 
a/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
+++ 
b/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/ImageManagementServices.java
@@ -157,7 +157,7 @@ public class ImageManagementServices {
                     RandomAccessFile out = new RandomAccessFile(file, "rw");
                     out.write(imageData.array());
                     out.close();
-                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", 
delegator)) {
+                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(file.toString(), "Image", 
delegator)) {
                         String errorMessage = 
UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
                         return ServiceUtil.returnError(errorMessage);
                     }
@@ -181,7 +181,7 @@ public class ImageManagementServices {
                     RandomAccessFile outFile = new 
RandomAccessFile(fileOriginal, "rw");
                     outFile.write(imageData.array());
                     outFile.close();
-                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", 
delegator)) {
+                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileOriginal.toString(), 
"Image", delegator)) {
                         String errorMessage = 
UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
                         return ServiceUtil.returnError(errorMessage);
                     }

[ofbiz-framework] branch release18.12 updated: Fixed: Wrong uploaded file checked in Image Management (OFBIZ-12297)

Reply via email to