This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 377b3013c8 Fixed: SecuredUpload, impossible to upload a text file in the "All" case (OFBIZ-13139)
377b3013c8 is described below

commit 377b3013c89f2b35e9d399d31ac473b55c65df5b
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Sep 11 08:39:45 2024 +0200

    Fixed: SecuredUpload, impossible to upload a text file in the "All" case (OFBIZ-13139)
    
    Even valid text files (i.e. not containing any token of deniedWebShellTokens)
    don't pass because they are stopped by the exception "PDF header signature not found".
    
    This is due to the PDF check in the "All" case and that fixes it.
---
 .../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index a2d5e8f0e7..edf7f189e1 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -288,7 +288,7 @@ public class SecuredUpload {
                     || isValidCompressedFile(fileToCheck, delegator)
                     || isValidAudioFile(fileToCheck)
                     || isValidVideoFile(fileToCheck)
-                    || isValidPdfFile(fileToCheck)
+                    || isPdfFile(fileToCheck) && isValidPdfFile(fileToCheck)
                     || isValidCsvFile(fileToCheck)) {
                 return true;
             }
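Review bot: On the added line, "isPdfFile(fileToCheck) && isValidPdfFile(fileToCheck)" sits unparenthesized inside a chain of "||" terms. Java's precedence gives the intended grouping, but wrapping the pair in parentheses would make that explicit and keep it correct if the chain is reordered or extended later. The commit message attributes the failure to the exception "PDF header signature not found" coming from the PDF check, and this guard only covers this one call site; if isValidPdfFile can be reached elsewhere with non-PDF input, it would be more robust for that method to treat a missing header as "not a valid PDF" and return false. The change is one line in one file with no test, so a regression test that uploads a plain text file through the "All" case and expects it to be accepted would help, along with one confirming that a malformed PDF is still rejected.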
