This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 106f1f555c Fixed: SecuredUpload, impossible to upload a text file in the "All" case (OFBIZ-13139)
106f1f555c is described below

commit 106f1f555ca8b608d1592a36dac1c31ef76c4cd5
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Sep 11 08:39:45 2024 +0200

    Fixed: SecuredUpload, impossible to upload a text file in the "All" case (OFBIZ-13139)
    
    Even valid text files (i.e. not containing any token of deniedWebShellTokens)
    don't pass because they are stopped by the exception "PDF header signature not found".
    
    This is due to the PDF check in the "All" case and that fixes it.
---
 .../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 2f1d124c8a..1a276dc6b0 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -331,7 +331,7 @@ public class SecuredUpload {
                     || isValidCompressedFile(fileToCheck, delegator)
                     || isValidAudioFile(fileToCheck)
                     || isValidVideoFile(fileToCheck)
-                    || isValidPdfFile(fileToCheck)
+                    || isPdfFile(fileToCheck) && isValidPdfFile(fileToCheck)
                     || isValidCsvFile(fileToCheck)) {
                 return true;
             }
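
Review bot: The `isPdfFile(fileToCheck) &&` guard on the `+` line protects only this call site. Going by the commit message, `isValidPdfFile` raises "PDF header signature not found" on non-PDF input rather than returning false, so any other caller that hands it arbitrary content would still be stopped by the exception. Consider handling that case inside `isValidPdfFile` and returning false, so that every check in this `||` chain behaves as a plain boolean predicate and later checks such as `isValidCsvFile` are always reached. If the guard stays here, wrap the pair in parentheses, `(isPdfFile(fileToCheck) && isValidPdfFile(fileToCheck))`: `&&` already binds tighter than `||` in Java, so behaviour is unchanged, but the intent is explicit in a security filter where the order of evaluation matters. A regression test that uploads a valid text file in the "All" case would be worth adding with this change.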
