This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 08fd60f07e Fixed: Secure the uploads (OFBIZ-12080)
08fd60f07e is described below
commit 08fd60f07e6e312b07d2d6387954e8c686e4797c
Author: Jacques Le Roux <[email protected]>
AuthorDate: Fri Dec 6 10:34:11 2024 +0100
Fixed: Secure the uploads (OFBIZ-12080)
For the same reason I explained to Danny trunk, this renames
upload_file_type
to up_load_file_type
---
.../ofbiz/product/catalog/category/EditCategory.groovy | 2 +-
.../catalog/config/EditProductConfigItemContent.groovy | 2 +-
.../ofbiz/product/catalog/imagemanagement/ImageUpload.groovy | 2 +-
.../ofbiz/product/catalog/product/EditProductContent.groovy | 2 +-
applications/product/template/category/EditCategory.ftl | 8 ++++----
.../product/template/config/EditProductConfigItemContent.ftl | 2 +-
applications/product/template/product/EditProductContent.ftl | 12 ++++++------
7 files changed, 15 insertions(+), 15 deletions(-)
diff --git
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/category/EditCategory.groovy
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/category/EditCategory.groovy
index f69a1be2f0..d204f9f491 100644
---
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/category/EditCategory.groovy
+++
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/category/EditCategory.groovy
@@ -56,7 +56,7 @@ context.imageNameLinkTwo = imageUrlPrefix + '/' +
filenameExpander.expandString(
forLock = new Object()
contentType = null
-fileType = request.getParameter('upload_file_type')
+fileType = request.getParameter('up_load_file_type')
if (fileType) {
context.fileType = fileType
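Review bot: `fileType` is still read straight from the request and accepted whenever it is non-empty; nothing visible in this hunk checks it against the values the form actually sends. EditCategory.ftl only ever submits `category`, `linkOne` or `linkTwo`, so the guard could be `if (fileType in ['category', 'linkOne', 'linkTwo']) {`, with any other value rejected before it is used further. The body of the `if` continues outside the hunk, so a later check may already exist. If it does not, the same applies to EditProductConfigItemContent.groovy, ImageUpload.groovy and EditProductContent.groovy, each with the value set of its own form.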
diff --git
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/config/EditProductConfigItemContent.groovy
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/config/EditProductConfigItemContent.groovy
index b4f4a00f6d..bf19db8cfd 100644
---
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/config/EditProductConfigItemContent.groovy
+++
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/config/EditProductConfigItemContent.groovy
@@ -69,7 +69,7 @@ context.tryEntity = tryEntity
forLock = new Object()
contentType = null
-fileType = request.getParameter('upload_file_type')
+fileType = request.getParameter('up_load_file_type')
if (fileType) {
context.fileType = fileType
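Review bot: The unusual spelling `up_load_file_type` is not explained anywhere in the code, and the commit message only points to an earlier conversation for the reason. A later cleanup could easily change it back. The literal also has to match the upload templates exactly, because a mismatch makes `getParameter` return null and the `if (fileType)` branch is then skipped without any error. I would add a comment above the line, for example `// Spelled 'up_load_file_type' on purpose (OFBIZ-12080); must match the upload forms in the .ftl templates`. The same literal is repeated in EditCategory.groovy, ImageUpload.groovy and EditProductContent.groovy.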
diff --git
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/imagemanagement/ImageUpload.groovy
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/imagemanagement/ImageUpload.groovy
index 4dd8e3131f..dcb2b14257 100644
---
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/imagemanagement/ImageUpload.groovy
+++
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/imagemanagement/ImageUpload.groovy
@@ -69,7 +69,7 @@ context.tryEntity = tryEntity
// UPLOADING STUFF
forLock = new Object()
contentType = null
-String fileType = request.getParameter('upload_file_type')
+String fileType = request.getParameter('up_load_file_type')
if (fileType) {
context.fileType = fileType
diff --git
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/product/EditProductContent.groovy
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/product/EditProductContent.groovy
index 8e8f041332..7832b55a2f 100644
---
a/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/product/EditProductContent.groovy
+++
b/applications/product/src/main/groovy/org/apache/ofbiz/product/catalog/product/EditProductContent.groovy
@@ -69,7 +69,7 @@ context.tryEntity = tryEntity
// UPLOADING STUFF
forLock = new Object()
contentType = null
-String fileType = request.getParameter('upload_file_type')
+String fileType = request.getParameter('up_load_file_type')
if (fileType) {
context.fileType = fileType
diff --git a/applications/product/template/category/EditCategory.ftl
b/applications/product/template/category/EditCategory.ftl
index bc7d16c066..fefb8abf82 100644
--- a/applications/product/template/category/EditCategory.ftl
+++ b/applications/product/template/category/EditCategory.ftl
@@ -213,15 +213,15 @@ function insertImageName(type,nameValue) {
<h3>${uiLabelMap.ProductCategoryUploadImage}</h3>
</div>
<div class="screenlet-body">
- <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId!}&upload_file_type=category</@ofbizUrl>"
name="imageUploadForm">
+ <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId!}&up_load_file_type=category</@ofbizUrl>"
name="imageUploadForm">
<table cellspacing="0" class="basic-table">
<tr><td>
<input type="file" size="50" name="fname"
accept=".png,.gif,.jpg,.jpeg,.tiff,.tif"/>
<br />
<span>
- <label><input type="radio"
name="up_load_file_type_bogus" value="category" checked="checked"
onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&upload_file_type=category</@ofbizUrl>");'/>${uiLabelMap.ProductCategoryImageUrl}</label>
- <label><input type="radio"
name="up_load_file_type_bogus" value="linkOne"
onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&upload_file_type=linkOne</@ofbizUrl>");'/>${uiLabelMap.ProductLinkOneImageUrl}</label>
- <label><input type="radio"
name="up_load_file_type_bogus"
value="linkTwo"onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&upload_file_type=linkTwo</@ofbizUrl>");'/>${uiLabelMap.ProductLinkTwoImageUrl}</label>
+ <label><input type="radio"
name="up_load_file_type_bogus" value="category" checked="checked"
onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&up_load_file_type=category</@ofbizUrl>");'/>${uiLabelMap.ProductCategoryImageUrl}</label>
+ <label><input type="radio"
name="up_load_file_type_bogus" value="linkOne"
onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&up_load_file_type=linkOne</@ofbizUrl>");'/>${uiLabelMap.ProductLinkOneImageUrl}</label>
+ <label><input type="radio"
name="up_load_file_type_bogus"
value="linkTwo"onclick='setUploadUrl("<@ofbizUrl>UploadCategoryImage?productCategoryId=${productCategoryId}&up_load_file_type=linkTwo</@ofbizUrl>");'/>${uiLabelMap.ProductLinkTwoImageUrl}</label>
</span>
<input type="submit" class="smallSubmit"
value="${uiLabelMap.ProductUploadImage}"/>
</td></tr>
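Review bot: The rewritten form action interpolates `${productCategoryId!}` with the default operator, but the three `setUploadUrl(...)` URLs on the radio buttons still use `${productCategoryId}` without it. If the id can be absent when this screenlet renders (the `!` on the form suggests so), the radio lines would typically fail template rendering, and the two spellings would otherwise produce different URLs. I would use `${productCategoryId!}` in all three handlers. Since these lines are being touched anyway, `value="linkTwo"onclick=` is also missing a space between the attributes, as is `value="large"onclick=` in EditProductContent.ftl.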
diff --git
a/applications/product/template/config/EditProductConfigItemContent.ftl
b/applications/product/template/config/EditProductConfigItemContent.ftl
index a7aa86908d..bf461fe188 100644
--- a/applications/product/template/config/EditProductConfigItemContent.ftl
+++ b/applications/product/template/config/EditProductConfigItemContent.ftl
@@ -152,7 +152,7 @@ function insertImageName(size,nameValue) {
<h3>${uiLabelMap.ProductUploadImage}</h3>
</div>
<div class="screenlet-body">
- <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadProductConfigItemImage?configItemId=${configItemId}&upload_file_type=small</@ofbizUrl>"
name="imageUploadForm">
+ <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadProductConfigItemImage?configItemId=${configItemId}&up_load_file_type=small</@ofbizUrl>"
name="imageUploadForm">
<input type="file" size="50" name="fname"
accept=".png,.gif,.jpg,.jpeg,.tiff,.tif"/>
<input type="submit" class="smallSubmit"
value="${uiLabelMap.ProductUploadImage}" />
</form>
diff --git a/applications/product/template/product/EditProductContent.ftl
b/applications/product/template/product/EditProductContent.ftl
index 036a40cff1..17199eb52e 100644
--- a/applications/product/template/product/EditProductContent.ftl
+++ b/applications/product/template/product/EditProductContent.ftl
@@ -184,7 +184,7 @@ under the License.
};
</script>
<h3>${uiLabelMap.ProductUploadImage}</h3>
- <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=original</@ofbizUrl>"
name="imageUploadForm">
+ <form method="post" enctype="multipart/form-data"
action="<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=original</@ofbizUrl>"
name="imageUploadForm">
<table cellspacing="0" class="basic-table">
<tr>
<td width="20%" align="right" valign="top">
@@ -192,11 +192,11 @@ under the License.
</td>
<td> </td>
<td width="80%" colspan="4" valign="top">
- <label><input type="radio" name="up_load_file_type_bogus"
value="small"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=small</@ofbizUrl>");'/>${uiLabelMap.CommonSmall}</label>
- <label><input type="radio" name="up_load_file_type_bogus"
value="medium"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=medium</@ofbizUrl>");'/>${uiLabelMap.CommonMedium}</label>
- <label><input type="radio" name="up_load_file_type_bogus"
value="large"onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=large</@ofbizUrl>");'/>${uiLabelMap.CommonLarge}</label>
- <label><input type="radio" name="up_load_file_type_bogus"
value="detail"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=detail</@ofbizUrl>");'/>${uiLabelMap.CommonDetail}</label>
- <label><input type="radio" name="up_load_file_type_bogus"
value="original" checked="checked"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&upload_file_type=original</@ofbizUrl>");'/>${uiLabelMap.ProductOriginal}</label>
+ <label><input type="radio" name="up_load_file_type_bogus"
value="small"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=small</@ofbizUrl>");'/>${uiLabelMap.CommonSmall}</label>
+ <label><input type="radio" name="up_load_file_type_bogus"
value="medium"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=medium</@ofbizUrl>");'/>${uiLabelMap.CommonMedium}</label>
+ <label><input type="radio" name="up_load_file_type_bogus"
value="large"onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=large</@ofbizUrl>");'/>${uiLabelMap.CommonLarge}</label>
+ <label><input type="radio" name="up_load_file_type_bogus"
value="detail"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=detail</@ofbizUrl>");'/>${uiLabelMap.CommonDetail}</label>
+ <label><input type="radio" name="up_load_file_type_bogus"
value="original" checked="checked"
onclick='setUploadUrl("<@ofbizUrl>UploadProductImage?productId=${productId}&up_load_file_type=original</@ofbizUrl>");'/>${uiLabelMap.ProductOriginal}</label>
<input type="submit" class="smallSubmit"
value="${uiLabelMap.ProductUploadImage}"/>
</td>
</tr>