[ 
https://issues.apache.org/jira/browse/OFBIZ-12929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17826969#comment-17826969
 ] 

Pierre Smits commented on OFBIZ-12929:
--------------------------------------

Hi Jacques,

Thank you for including the links regarding the exclusion of the MS filetypes. 
It helps to understand the motivation regarding the choices made by the project.

As for the filetypes for which more explanation is needed:
 * png: the filename was 'Screenshot 2024-02-05 at 18.01.38.png'; as you can 
see, it is timestamped (and has a lot of dots), which can happen a lot. 
Excluding a file because it has this should be reconsidered.
 * mta: I mentioned this extension, but made a mistake as it should have been 
STA (filename: MT940240305122541.STA). The file is a text file generated by my 
bank and contains text according to the MT940 definition, which is a SWIFT 
message type standard (banking communication standard). These files are used in 
accounting (any accounting solution) to ingest banking transactions. Maybe the 
file generated by my bank is of their own design, but it is plain text.
 * zip: the complete file name is/was 'ABNAMRO_documenten.zip', containing a 
set of pdf files. Each pdf filename, though lengthy, complied with the 'safe 
names' requirement.

> OFBiz doesn't allow upload.
> ---------------------------
>
>                 Key: OFBIZ-12929
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12929
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: accounting
>    Affects Versions: Upcoming Branch
>            Reporter: Pierre Smits
>            Assignee: Jacques Le Roux
>            Priority: Major
>         Attachments: Screenshot 2024-03-05 at 09.18.27.png
>
>
> In demo trunk and local with demo data in an existing agreement, no files of 
> the following types can be uploaded:
>  * pdf
>  * xlsx
>  * pptx
>  * docx
> On screen, a message as per the attached image is shown; in the console the 
> following is shown:
> {code:java}
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |SecuredUpload                 
> |E| For security reason lines over 10000 are not allowed
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceUtil                   
> |E| {errorMessage=For security reason only valid files of supported image 
> formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe 
> names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 
> dot, name and extension not empty) and contents are accepted., 
> responseMessage=error}
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceDispatcher             
> |E| Error in Service [createAnonFile]: For security reason only valid files 
> of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text 
> files with safe names (only Alpha-Numeric characters, hyphen, underscore and 
> spaces, only 1 dot, name and extension not empty) and contents are accepted.
> 2024-03-05 09:22:57,839 |jsse-nio-8443-exec-4 |TransactionUtil               
> |W| Calling transaction setRollbackOnly; this stack trace shows where this is 
> happening:
> java.lang.Exception: Error in Service [createAnonFile]: For security reason 
> only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, 
> and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, 
> underscore and spaces, only 1 dot, name and extension not empty) and contents 
> are accepted.
>         at 
> org.apache.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:372)
>  [main/:?]
>         at 
> org.apache.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:306)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:577)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93)
>  [main/:?]
>         at org.apache.ofbiz.service.LocalDispatcher$runSync$0.call(Unknown 
> Source) [main/:?]
>         at 
> org.apache.ofbiz.service.engine.GroovyBaseScript.runService(GroovyBaseScript.groovy:74)
>  [main/:?]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method) ~[?:?]
>         at 
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>  ~[?:?]
>         at 
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:?]
>         at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
>         at 
> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:48)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:166)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:57)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:62)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:194)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.apache.ofbiz.service.engine.GroovyBaseScript.run(GroovyBaseScript.groovy:82)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.engine.GroovyBaseScript$run$3.callCurrent(Unknown 
> Source) [main/:?]
>         at 
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.apache.ofbiz.content.data.DataServicesScript.saveLocalFileDataResource(DataServicesScript.groovy:274)
>  [script:?]
>         at 
> org.apache.ofbiz.content.data.DataServicesScript$saveLocalFileDataResource.callCurrent(Unknown
>  Source) [script:?]
>         at 
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
>  [groovy-3.0.21.jar:3.0.21]
>         at 
> org.apache.ofbiz.content.data.DataServicesScript.attachUploadToDataResource(DataServicesScript.groovy:179)
>  [script:?]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method) ~[?:?]
>         at 
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>  ~[?:?]
>         at 
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:?]
>         at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
>         at 
> org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1254) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1030) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:814) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.GroovyObject.invokeMethod(GroovyObject.java:39) 
> [groovy-3.0.21.jar:3.0.21]
>         at groovy.lang.Script.invokeMethod(Script.java:96) 
> [groovy-3.0.21.jar:3.0.21]
>         at 
> org.apache.ofbiz.service.engine.GroovyEngine.runSync(GroovyEngine.java:110) 
> [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172) 
> [main/:?]
>         at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135) 
> [main/:?]
>         at 
> org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172) 
> [main/:?]
>         at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135) 
> [main/:?]
>         at 
> org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
>  [main/:?]
>         at 
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93)
>  [main/:?]
>         at 
> org.apache.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:254)
>  [main/:?]
>         at 
> org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:1078)
>  [main/:?]
>         at 
> org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:678)
>  [main/:?]
>         at 
> org.apache.ofbiz.webapp.control.ControlServlet.handle(ControlServlet.java:231)
>  [main/:?]
>         at 
> org.apache.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:81) 
> [main/:?]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) 
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) 
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) 
> [tomcat-embed-websocket-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.ofbiz.webapp.control.SameSiteFilter.doFilter(SameSiteFilter.java:45)
>  [main/:?]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:188)
>  [main/:?]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:176)
>  [main/:?]
>         at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:53) 
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>  [log4j-web-2.20.0.jar:2.20.0]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) 
> [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) 
> [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
>  [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) 
> [tomcat-catalina-9.0.82.jar:9.0.82]
>         at 
> org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:432) 
> [tomcat-coyote-9.0.82.jar:9.0.82]
>         at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
>  [tomcat-coyote-9.0.82.jar:9.0.82]
>         at 
> org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:90) 
> [tomcat-coyote-9.0.82.jar:9.0.82]
>         at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) 
> [tomcat-coyote-9.0.82.jar:9.0.82]
>         at 
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
>  [tomcat-util-9.0.82.jar:9.0.82]
>         at 
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
>  [tomcat-util-9.0.82.jar:9.0.82]
>         at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>  [tomcat-util-9.0.82.jar:9.0.82]
>         at java.lang.Thread.run(Thread.java:833) [?:?]
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             
> |T| Sync service [accounting/createAnonFile] finished in [3] milliseconds
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceUtil                   
> |E| {errorMessage=For security reason only valid files of supported image 
> formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe 
> names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 
> dot, name and extension not empty) and contents are accepted., 
> responseMessage=error}
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             
> |E| Error in Service [attachUploadToDataResource]: For security reason only 
> valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and 
> ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, 
> underscore and spaces, only 1 dot, name and extension not empty) and contents 
> are accepted.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil               
> |I| Transaction rollback only not set, rollback only is already set.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             
> |T| Sync service [accounting/attachUploadToDataResource] finished in [12] 
> milliseconds
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |GroupModel                    
> |E| Grouped service [attachUploadToDataResource] failed.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             
> |E| Error in Service [createContentFromUploadedFile]: For security reason 
> only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, 
> and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, 
> underscore and spaces, only 1 dot, name and extension not empty) and contents 
> are accepted.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil               
> |I| Transaction rollback only not set, rollback only is already set.
> 2024-03-05 09:22:5// code placeholder
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
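
Added example (not part of the original message and not OFBiz code): a small Java check that applies the "safe names" rule exactly as worded in the logged error message to the three file names from the comment, and reports which clause of the rule each name breaks. It assumes "Alpha-Numeric" means ASCII letters and digits, and it covers the file name only, not the extension or content checks; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example, not OFBiz code: reports which clause of the logged "safe names" rule a name breaks. */
public class SafeNameCheck {

    /** Returns the violated clauses of the rule quoted in the log; an empty list means the name passes. */
    static List<String> violations(String fileName) {
        List<String> out = new ArrayList<>();

        // Clause "only 1 dot": a timestamp such as 18.01.38 adds extra dots.
        long dots = fileName.chars().filter(c -> c == '.').count();
        if (dots != 1) {
            out.add("only 1 dot (found " + dots + ")");
        }

        // Split on the last dot so the name/extension clauses are still checked with several dots.
        int lastDot = fileName.lastIndexOf('.');
        String name = lastDot < 0 ? fileName : fileName.substring(0, lastDot);
        String ext = lastDot < 0 ? "" : fileName.substring(lastDot + 1);
        if (name.isEmpty()) {
            out.add("name not empty");
        }
        if (ext.isEmpty()) {
            out.add("extension not empty");
        }

        // Clause "only Alpha-Numeric characters, hyphen, underscore and spaces".
        // Assumption: ASCII letters and digits only; the log message does not define the set.
        StringBuilder bad = new StringBuilder();
        for (char c : fileName.toCharArray()) {
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == '-' || c == '_' || c == ' ' || c == '.';
            if (!ok && bad.indexOf(String.valueOf(c)) < 0) {
                bad.append(c);
            }
        }
        if (bad.length() > 0) {
            out.add("disallowed characters: " + bad);
        }
        return out;
    }

    public static void main(String[] args) {
        // File names taken from the comment above.
        String[] names = {
            "Screenshot 2024-02-05 at 18.01.38.png",
            "MT940240305122541.STA",
            "ABNAMRO_documenten.zip",
        };
        for (String n : names) {
            List<String> v = violations(n);
            System.out.println(n + " -> " + (v.isEmpty() ? "name passes" : "name rejected: " + v));
        }
    }
}
```

A name that passes here can still be refused by the extension or content checks, which this example does not model.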
