This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 100810faeb603183643734f5efbec52e2398d7bd Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Mon Dec 7 19:48:36 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) Adds audio and video as supported formats --- framework/security/config/security.properties | 2 +- .../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties index c904be3..43ede04 100644 --- a/framework/security/config/security.properties +++ b/framework/security/config/security.properties @@ -200,7 +200,7 @@ csrf.defense.strategy= templateClassResolver= -#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP +#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP #-- #-- No proprietary file formats (Excel, Word, etc.) are handled OOTB. #-- They can be handled by custom projects using https://github.com/righettod/document-upload-protection: diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index e233228..0751067 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java @@ -88,7 +88,7 @@ public class SecuredUpload { // https://en.wikipedia.org/wiki/File_format // https://en.wikipedia.org/wiki/List_of_file_signatures // See also information in security.properties: - // Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP + // Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP private static final String MODULE = SecuredUpload.class.getName();