This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit d54abff8c2252bd807d5e69b2499081ab5ee2585
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Feb 23 09:31:25 2022 +0100

    Fixed: Trivial change in ProgramExport.groovy, uses the SecuredUpload import
    
    No Functional change
    
    Conflicts handled by hand in ProgramExport.groovy
---
 framework/webtools/groovyScripts/entity/ProgramExport.groovy | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/framework/webtools/groovyScripts/entity/ProgramExport.groovy 
b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
index 12b8293..bb37f42 100644
--- a/framework/webtools/groovyScripts/entity/ProgramExport.groovy
+++ b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
@@ -20,6 +20,7 @@ import org.apache.ofbiz.entity.Delegator
 import org.apache.ofbiz.entity.GenericValue
 import org.apache.ofbiz.entity.model.ModelEntity
 import org.apache.ofbiz.base.util.*
+import org.apache.ofbiz.security.SecuredUpload
 
 import org.w3c.dom.Document
 
@@ -73,7 +74,9 @@ def shell = new GroovyShell(loader, binding, configuration)
 
 if (UtilValidate.isNotEmpty(groovyProgram)) {
     try {
-        if 
(!org.apache.ofbiz.security.SecuredUpload.isValidText(groovyProgram,["import"]))
 {
+        // Check if a webshell is not uploaded but allow "import"
+        if (!SecuredUpload.isValidText(groovyProgram, ["import"])) {
+            logError("================== Not executed for security reason 
==================")
             request.setAttribute("_ERROR_MESSAGE_", "Not executed for security 
reason")
             return
         }
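Review bot: The new `logError` call in the rejection branch writes only a banner, so a blocked submission cannot be attributed or correlated during triage; include the request origin, e.g. `logError("ProgramExport: Groovy program rejected by SecuredUpload.isValidText, remote address " + request.getRemoteAddr())`, and keep the submitted program text itself out of the log. The added comment is also hard to parse; `// Refuse to run the program if SecuredUpload flags its text; "import" is explicitly allowed` states what the check does. Text that passes is presumably handed to the `GroovyShell` named in the hunk header, so the comment could also say that this token screen is only a pre-execution filter and that the permission check on the screen (not visible here) remains the main control. The `try` block continues outside the hunk.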
