This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit bdf21f345029f6a25e562a6ecd7b0b5b91597563 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat May 21 10:05:02 2022 +0200 Improved: Secure the uploads (OFBIZ-12080) Attachments to order can be also documents. Accepting only images did not prevent it, you can always bypass that, but it clarifies things. Also improves the ContentUploadFileTypeNotMatch English label --- applications/content/config/ContentUiLabels.xml | 4 ++-- applications/order/template/order/AddOrderAttachments.ftl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/applications/content/config/ContentUiLabels.xml b/applications/content/config/ContentUiLabels.xml index 38537546ea..3ebd05f03a 100644 --- a/applications/content/config/ContentUiLabels.xml +++ b/applications/content/config/ContentUiLabels.xml @@ -3141,7 +3141,7 @@ <value xml:lang="zh-TW">你沒有檢視本頁面的權限.(需要具備"CONTENTMGR_UPDATE"或"CONTENTMGR_ADMIN")</value> </property> <property key="ContentUploadFileTypeNotMatch"> - <value xml:lang="en">Upload file type not match your selected.</value> + <value xml:lang="en">Upload file type not match your selection.</value> <value xml:lang="fr">Le type de fichier chargé ne correspond pas avec votre selection.</value> <value xml:lang="it">Tipo file da caricare non corrisponde alla tua selezione.</value> <value xml:lang="ja">選択したアップロードファイルの種類が一致しません。</value> @@ -7147,4 +7147,4 @@ <value xml:lang="zh">生成缺失的搜索引擎优化的网址</value> <value xml:lang="zh-TW">產生缺失的搜尋引擎優化的網址</value> </property> -</resource> \ No newline at end of file +</resource> diff --git a/applications/order/template/order/AddOrderAttachments.ftl b/applications/order/template/order/AddOrderAttachments.ftl index 17033d8664..3955a5d40a 100644 --- a/applications/order/template/order/AddOrderAttachments.ftl +++ b/applications/order/template/order/AddOrderAttachments.ftl @@ -49,7 +49,7 @@ under the License. </select> </div> <div> - <input type="file" name="uploadedFile" class="required" size="25" accept=".png,.gif,.jpg,.jpeg,.tiff,.tif"/> + <input type="file" name="uploadedFile" class="required" size="25"/> </div> <div> <button type="submit">