[ https://issues.apache.org/jira/browse/OFBIZ-12639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756847#comment-17756847 ]
Ingo Wolfmayr commented on OFBIZ-12639: --------------------------------------- Hi Jacques, I already have. As far as I have seen it re-renders a file that is temporary saved, but after the securedUpload method is triggerd the upload method uses the imageData from context. I was going to ask you about that anyway :) I don't see where the re-renderd image created by securedUploadĀ is used. I work on linux (debian). The image that is re-rendered is stored in /tmp/... I have already an initial patch that works with the current setup but I have not gone through all cases. When uploading a productImage (Main) all generated scales run through securedUpload - I don't think that is necessary. If the original file passes, why should the scaled image (scaled by ofbiz) fail? I attached the current status of my patch. Just a few lines. You will see what I mean ;) > Upload image size issue > ----------------------- > > Key: OFBIZ-12639 > URL: https://issues.apache.org/jira/browse/OFBIZ-12639 > Project: OFBiz > Issue Type: Improvement > Components: product/catalog > Affects Versions: Upcoming Branch > Reporter: Ingo Wolfmayr > Priority: Major > Attachments: 40000054.png, RerenderPatch_notready.patch, test.jpeg > > > I tied to uploaded an Image > 3MB and it fails as the line length > 10000 > Does this security check make sense for images? Attached you will find the > image. > Additional to that, the security message is missleading: For security reason > only valid files of supported image formats... > Responsible code can be found in: SecuredUploads.java (line 205) & > DataServices.java (line 216) -- This message was sent by Atlassian Jira (v8.20.10#820010)