This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 6da27fd Fixed: Secure the uploads (OFBIZ-12080)
6da27fd is described below
commit 6da27fd220f4173483b8dd18e2a188a93936fa5e
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Feb 25 12:06:44 2022 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Checks that the content of SecuredUpload::isValidText is not null,
else returns false
Suspenders and belt type of fix.
---
.../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index bbace32..10504d9 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -104,7 +104,7 @@ public class SecuredUpload {
private static final Integer MAXLINELENGTH =
UtilProperties.getPropertyAsInteger("security", "maxLineLength", 10000);
public static boolean isValidText(String content, List<String> allowed)
throws IOException {
- return DENIEDWEBSHELLTOKENS.stream().allMatch(token ->
isValid(content, token, allowed));
+ return content != null ? DENIEDWEBSHELLTOKENS.stream().allMatch(token
-> isValid(content, token, allowed)) : false;
}
public static boolean isValidFileName(String fileToCheck, Delegator
delegator) throws IOException {
