[ofbiz-framework] branch release17.12 updated: Fixed: partymgr fails to upload image (OFBIZ-12101)

Sat, 26 Dec 2020 00:09:16 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new 2d15771  Fixed: partymgr fails to upload image (OFBIZ-12101)
2d15771 is described below

commit 2d15771d56ab1637efa5685799f86a7bb118cee4
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Dec 26 09:06:02 2020 +0100

    Fixed: partymgr fails to upload image (OFBIZ-12101)
    
    This is a bug due to OFBIZ-12080, fileToCheck is the complete name of the 
file
    with path not the filename
    
    Thanks: Wai for report
---
 .../src/main/java/org/apache/ofbiz/security/SecuredUpload.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index d9c0952..fe68a73 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -105,11 +105,13 @@ public class SecuredUpload {
             return true;
         }
 
+        Path p = Paths.get(fileToCheck);
+        String file = p.getFileName().toString();
         if (org.apache.commons.lang3.SystemUtils.IS_OS_WINDOWS) {
             if (fileToCheck.length() > 259) {
                 Debug.logError("Uploaded file name too long", MODULE);
                 return false;
-            } else if 
(!fileToCheck.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
+            } else if (!file.matches("[a-zA-Z0-9]{1,249}.[a-zA-Z0-9]{1,10}")) {
                 Debug.logError("Uploaded file "
                         + " should contain only Alpha-Numeric characters, only 
1 dot as an input for the file name and the extension."
                         + "The file name and the extension should not be empty 
at all",
@@ -120,7 +122,7 @@ public class SecuredUpload {
             if (fileToCheck.length() > 4096) {
                 Debug.logError("Uploaded file name too long", MODULE);
                 return false;
-            } else if 
(!fileToCheck.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) {
+            } else if (!file.matches("[a-zA-Z0-9]{1,4086}.[a-zA-Z0-9]{1,10}")) 
{
                 Debug.logError("Uploaded file "
                         + " should contain only Alpha-Numeric characters, only 
1 dot as an input for the file name and the extension."
                         + "Tthe file name and the extension should not be 
empty at all",

Reply via email to