This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push:
new 2ad16f3 Fixed: Secure the uploads (OFBIZ-12080)
2ad16f3 is described below
commit 2ad16f3e8af22bf9a33614c276d056d912c95ecb
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Feb 25 12:06:44 2022 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Checks that the content of SecuredUpload::isValidText is not null,
else returns false
Suspenders and belt type of fix.
---
.../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 029db47..de07002 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -104,7 +104,7 @@ public class SecuredUpload {
private static final Integer MAXLINELENGTH =
UtilProperties.getPropertyAsInteger("security", "maxLineLength", 10000);
public static boolean isValidText(String content, List<String> allowed)
throws IOException {
- return DENIEDWEBSHELLTOKENS.stream().allMatch(token ->
isValid(content, token, allowed));
+ return content != null ? DENIEDWEBSHELLTOKENS.stream().allMatch(token
-> isValid(content, token, allowed)) : false;
}
public static boolean isValidFileName(String fileToCheck, Delegator
delegator) throws IOException {
