Hi Groza,

After facing several webshell uploads I made SecuredUpload.java as secure as possible OOTB.

I see 2 options here:

* Increase maxLineLength in security.properties (could be insecure, but not that bad)
* Improve SecuredUpload by having a special treatment for images at line 209

HTH

Jacques

On 07/09/2024 at 12:52, Groza Danut wrote:
Hi,

Have you tried to add an image to a product? I get an error message saying type unsupported for security reasons, even if the file type is .jpeg.

When debugging I found that ProductServices.addAdditionalViewForProduct is called. At line 1083, org.apache.ofbiz.security.SecuredUpload.isValidFile is called. Inside SecuredUpload, at line 254, checkMaxLinesLength throws an error, since this is a jpeg file.

As far as I see it, isValidFile should not checkMaxLinesLength if the fileType is IMAGE.
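
The trade-off discussed in this thread, as an added example that is not part of either message and is not OFBiz code: a newline-based length check is arbitrary on binary data, so images are validated by decoding them while everything else keeps the line check. The class, the method names and the limit of 10000 are assumptions made for the illustration.

```java
import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Added illustration, not OFBiz code: all names and the limit value are hypothetical.
public class UploadCheckDemo {
    static final int MAX_LINE_LENGTH = 10_000; // assumed stand-in for maxLineLength

    // Longest run of bytes between '\n' separators, as a text-oriented check sees the file.
    static int longestLine(byte[] data) {
        int longest = 0, current = 0;
        for (byte b : data) {
            if (b == '\n') { longest = Math.max(longest, current); current = 0; }
            else { current++; }
        }
        return Math.max(longest, current);
    }

    static boolean startsWithJpegMagic(byte[] d) {
        return d.length >= 3 && (d[0] & 0xFF) == 0xFF && (d[1] & 0xFF) == 0xD8 && (d[2] & 0xFF) == 0xFF;
    }

    // Images are validated by fully decoding them; everything else keeps the line-length check.
    static boolean isAcceptable(byte[] data) {
        if (startsWithJpegMagic(data)) {
            try {
                return ImageIO.read(new ByteArrayInputStream(data)) != null;
            } catch (IOException | RuntimeException e) {
                return false; // magic bytes present but not a decodable image
            }
        }
        return longestLine(data) <= MAX_LINE_LENGTH;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a JPEG generated in memory, a fake one, and a one-line text file.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(640, 480, BufferedImage.TYPE_INT_RGB), "jpg", out);
        byte[] jpeg = out.toByteArray();
        byte[] fake = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, 'n', 'o', 't', ' ', 'i', 'm', 'a', 'g', 'e'};
        byte[] longText = "x".repeat(20_000).getBytes(StandardCharsets.US_ASCII);

        System.out.println("jpeg longest 'line': " + longestLine(jpeg) + " of " + jpeg.length + " bytes");
        System.out.println("jpeg accepted: " + isAcceptable(jpeg));
        System.out.println("fake jpeg accepted: " + isAcceptable(fake));
        System.out.println("long text accepted: " + isAcceptable(longText));
    }
}
```

A successful decode does not remove metadata or bytes appended after the image data; re-encoding the decoded image before storing it does.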