[jira] [Commented] (OFBIZ-12851) Allow configuration of file name validation pattern

ASF subversion and git services (Jira) Tue, 29 Aug 2023 08:11:01 -0700


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17759989#comment-17759989
 ]


ASF subversion and git services commented on OFBIZ-12851:
---------------------------------------------------------

Commit 950be5b0aa2283147be6fc2ebdded06d09831627 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=950be5b0aa ]

Improved: Allow configuration of file name validation pattern (OFBIZ-12851)

Read file name validation pattern from security.properties to allow 
customization
Explanation:
Hard coding the pattern made it difficult to adjust file name validation.

jleroux: Rather than pushing the PR, which is OK with me, I apply as a patch
locally and make some modifications before pushing:
indentation in SecuredUpload, and warning about file names safeness in
security.properties

Thanks: originalnichtskoenner for this PR on GH:
https://github.com/apache/ofbiz-framework/pull/668.


> Allow configuration of file name validation pattern
> ---------------------------------------------------
>
>                 Key: OFBIZ-12851
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12851
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework/security
>    Affects Versions: Upcoming Branch
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> Thanks to originalnichtskoenner for this PR on GH: 
> [https://github.com/apache/ofbiz-framework/pull/668]. See my comment there.
> <<Read file name validation pattern from security.properties to allow 
> customization
> Explanation: 
> Hard coding the pattern made it difficult to adjust file name validation. I 
> hope that making it configurable will improve this.>>
> Rather than pushing the PR, which is OK with me, I'll apply as a patch 
> locally and make some modifications before pushing: indentation in 
> SecuredUpload, and warning about file names safeness in security.properties



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-12851) Allow configuration of file name validation pattern

Reply via email to