[ofbiz-framework] 01/03: Improved: Secure the uploads (OFBIZ-12080)

Sat, 21 May 2022 01:42:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 4f71f851db2d95113b712b385734401a2a5f0149
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat May 21 10:05:02 2022 +0200

    Improved: Secure the uploads (OFBIZ-12080)
    
    Attachments to order can be also documents. Accepting only images did not 
prevent
    it, you can always bypass that, but it clarifies things.
    
    Also improves the ContentUploadFileTypeNotMatch English label
---
 applications/content/config/ContentUiLabels.xml           | 4 ++--
 applications/order/template/order/AddOrderAttachments.ftl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/applications/content/config/ContentUiLabels.xml 
b/applications/content/config/ContentUiLabels.xml
index 38537546ea..3ebd05f03a 100644
--- a/applications/content/config/ContentUiLabels.xml
+++ b/applications/content/config/ContentUiLabels.xml
@@ -3141,7 +3141,7 @@
         <value 
xml:lang="zh-TW">你沒有檢視本頁面的權限.(需要具備"CONTENTMGR_UPDATE"或"CONTENTMGR_ADMIN")</value>
     </property>
     <property key="ContentUploadFileTypeNotMatch">
-        <value xml:lang="en">Upload file type not match your selected.</value>
+        <value xml:lang="en">Upload file type not match your selection.</value>
         <value xml:lang="fr">Le type de fichier chargé ne correspond pas avec 
votre selection.</value>
         <value xml:lang="it">Tipo file da caricare non corrisponde alla tua 
selezione.</value>
         <value xml:lang="ja">選択したアップロードファイルの種類が一致しません。</value>
@@ -7147,4 +7147,4 @@
         <value xml:lang="zh">生成缺失的搜索引擎优化的网址</value>
         <value xml:lang="zh-TW">產生缺失的搜尋引擎優化的網址</value>
     </property>
-</resource>
\ No newline at end of file
+</resource>
diff --git a/applications/order/template/order/AddOrderAttachments.ftl 
b/applications/order/template/order/AddOrderAttachments.ftl
index 17033d8664..3955a5d40a 100644
--- a/applications/order/template/order/AddOrderAttachments.ftl
+++ b/applications/order/template/order/AddOrderAttachments.ftl
@@ -49,7 +49,7 @@ under the License.
         </select>
       </div>
       <div>
-        <input type="file" name="uploadedFile" class="required" size="25" 
accept=".png,.gif,.jpg,.jpeg,.tiff,.tif"/>
+        <input type="file" name="uploadedFile" class="required" size="25"/>
       </div>
       <div>
         <button type="submit">

Reply via email to