Hi Jacques, I refere to the default product images uploaded via the upload form on EditProductContent. The images are correctly uploaded and scaled. They cannot be viewed for example on the same screen (preview images).
Example: Upload to: /images/tenant/demo/products/demoproduct/small.JPG Views via: https://mydomain/images/tenant/demo/products/demoproduct/small.JPG If the are not uploaded in the webapp folder that referes to the web-path /images they will not be displayed. Content images are handled differently - https://mydomain/stream?contentId=10000 Best regards, Ingo -----Ursprüngliche Nachricht----- Von: Jacques Le Roux <jacques.le.r...@les7arts.com> Gesendet: Donnerstag, 17. März 2022 07:53 An: user@ofbiz.apache.org Betreff: Re: AW: AW: distTar Hi Ingo, What images are you speaking about and from where do you try to view these images? As a 1st step, I guess it's products images. If it's additional imaged added through product/content you should be able to see them on ecommerce site. Note: I'm currently reviewing the situation of "images" and will get back to that later on dev ML with maybe a copy here too... Jacques Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit : > Hi Jaques, > > I have one more question to the image path: When I set the > "image.server.path" to for example "/home/ofbiz/images" the file is > uploaded fine - the files are in the right path. Unfortunately viewing > the image requires it to be available via a webpath as by default > /images > > Do you have a recommendation on how to set it up correctly? > > Best regards, > Ingo > > -----Ursprüngliche Nachricht----- > Von: Jacques Le Roux <jacques.le.r...@les7arts.com> > Gesendet: Freitag, 11. Februar 2022 19:06 > An: user@ofbiz.apache.org > Betreff: Re: AW: distTar > > Hi Ingo, All, > > To clarify my thoughts and message. > > Actually I was wrong when I said that "a feature was lost when common-theme > was put in". The rest is right. This feature is the possibility, through > image.server.path property in catalog.properties file, to place the images, > and other the static files as well, in a location that fits with you for any > reason. Notably following the NSA recommendation to place it in "a non-web > accessible area". This to prevent webshell uploads and all kind of other > malicious files uploads. The same is true for the other property > image.management.path. > > So the fact that before common-theme was put in, with the folder for images > /themes/common/images/webapp/images/, this folder was > /framework/images/webapp/images/ has nothing to do with "a non-web accessible > area". That's you to decide... > > There is also a ${tenantId} var used in image.server.path property that is > used in case of multi-tenant, that's another thing. > > So I finally don't think it's necessary to put the images and > image.management in runtime. This would add nothing. I'll remove the > FIXMEs > > Jacques > > Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit : >> Hi Jacques, >> >> thanks for the fast response. I will do it exactly as you say. >> >> Best regards >> Ingo >> >> >> -----Ursprüngliche Nachricht----- >> Von: Jacques Le Roux<jacques.le.r...@les7arts.com> >> Gesendet: Montag, 7. Februar 2022 19:21 An:user@ofbiz.apache.org >> Betreff: Re: distTar >> >> Hi Ingo, >> >> You don't need to use >> >> ./gradlew "ofbiz start" >> >> ./gradlew ofbiz >> is enough and does not generate zip/tar. >> >> This said I'm currently working on a feature that was lost when >> common-theme was put in. Fortunately tt was then documented by these >> FIXMEs #FIXME the image server path need to be moved on runtime >> #FIXME the image management path need to be moved on runtime >> >> The idea is to not have the images under OFBiz tree but in a specific >> location unrelated to OFBiz. >> >> I'm actually also working on this for security reason. It's a NSA >> recommendation*: >> >> <<Officials explained that web applications should not be given >> permissions to write directly to a web accessible directory or modify web >> accessible code. >> “Attackers are unable to upload a web shell to a vulnerable >> application if the web server blocks access to the web accessible directory,” >> according to the guidance. “To preserve functionality, some web >> applications require configuration changes to save uploads to a non-web >> accessible >> area.”>> >> >> “To preserve functionality, some web applications require configuration >> changes to save uploads to a non-web accessible area.” That's exactly what >> we lost with common-theme. Fortunately it was documented and I stumbled upon >> it while working on related security issues. >> >> Having images, and at large static files, in a specific location can also >> allow to speed things... >> >> >> HTH >> >> Jacques >> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-malw >> a >> re-vulnerabilities-mitigation >> >> >> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit : >>> Hi everybody, >>> >>> I have a question about building ofbiz. In previous versions for example >>> 17.12 I had the following process: >>> >>> ./gradlew build (build the project and see if everything is fine) >>> ./gradlew "ofbiz start" >>> >>> Now I am working with the current trunk and when I start ./gradlew build it >>> starts "disttar" and generates a .tar and a .zip. As I have lots of images >>> in a project it uses lots of disk space and time. Is my process wrong? Is >>> there "correct" way of how it should be done? >>> >>> Thanks for every hint. >>> >>> Best regards, >>> Ingo >>> >>>
