[ofbiz-framework] 04/04: Fixed: Secure the uploads (OFBIZ-12080)

Mon, 07 Dec 2020 10:50:14 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 100810faeb603183643734f5efbec52e2398d7bd
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Dec 7 19:48:36 2020 +0100

    Fixed: Secure the uploads (OFBIZ-12080)
    
    Adds audio and video as supported formats
---
 framework/security/config/security.properties                           | 2 +-
 .../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework/security/config/security.properties 
b/framework/security/config/security.properties
index c904be3..43ede04 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -200,7 +200,7 @@ csrf.defense.strategy=
 templateClassResolver=
 
 
-#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP
+#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio 
and Video and ZIP
 #--
 #-- No proprietary file formats (Excel, Word, etc.) are handled OOTB.
 #-- They can be handled by custom projects using  
https://github.com/righettod/document-upload-protection:
diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index e233228..0751067 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -88,7 +88,7 @@ public class SecuredUpload {
     // https://en.wikipedia.org/wiki/File_format
     // https://en.wikipedia.org/wiki/List_of_file_signatures
     // See also information in security.properties:
-    // Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, 
JPEG, PDF and ZIP
+    // Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, 
JPEG, PDF, Audio and Video and ZIP
 
     private static final String MODULE = SecuredUpload.class.getName();

Reply via email to