[
https://issues.apache.org/jira/browse/OFBIZ-12639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756847#comment-17756847
]
Ingo Wolfmayr commented on OFBIZ-12639:
---------------------------------------
Hi Jacques,
I already have. As far as I have seen it re-renders a file that is temporary
saved, but after the securedUpload method is triggerd the upload method uses
the imageData from context. I was going to ask you about that anyway :) I don't
see where the re-renderd image created by securedUploadĀ is used.
I work on linux (debian). The image that is re-rendered is stored in /tmp/...
I have already an initial patch that works with the current setup but I have
not gone through all cases. When uploading a productImage (Main) all generated
scales run through securedUpload - I don't think that is necessary. If the
original file passes, why should the scaled image (scaled by ofbiz) fail?
I attached the current status of my patch. Just a few lines. You will see what
I mean ;)
> Upload image size issue
> -----------------------
>
> Key: OFBIZ-12639
> URL: https://issues.apache.org/jira/browse/OFBIZ-12639
> Project: OFBiz
> Issue Type: Improvement
> Components: product/catalog
> Affects Versions: Upcoming Branch
> Reporter: Ingo Wolfmayr
> Priority: Major
> Attachments: 40000054.png, RerenderPatch_notready.patch, test.jpeg
>
>
> I tied to uploaded an Image > 3MB and it fails as the line length > 10000
> Does this security check make sense for images? Attached you will find the
> image.
> Additional to that, the security message is missleading: For security reason
> only valid files of supported image formats...
> Responsible code can be found in: SecuredUploads.java (line 205) &
> DataServices.java (line 216)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
