[
https://issues.apache.org/jira/browse/OFBIZ-12929?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-12929:
------------------------------------
Issue Type: Improvement (was: Bug)
This is not really a bug but an improvement.
> OFBiz doesn't allow upload.
> ---------------------------
>
> Key: OFBIZ-12929
> URL: https://issues.apache.org/jira/browse/OFBIZ-12929
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Assignee: Jacques Le Roux
> Priority: Major
> Attachments: Screenshot 2024-03-05 at 09.18.27.png
>
>
> In demo trunk and local with demo data in an existing agreement, no files of
> following type can be uploaded:
> * pdf
> * xlsx
> * pptx
> * docx
> in screen a message as per attached image is shown, in the console following
> is shown:
> {code:java}
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |SecuredUpload
> |E| For security reason lines over 10000 are not allowed
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceUtil
> |E| {errorMessage=For security reason only valid files of supported image
> formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe
> names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1
> dot, name and extension not empty) and contents are accepted.,
> responseMessage=error}
> 2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceDispatcher
> |E| Error in Service [createAnonFile]: For security reason only valid files
> of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text
> files with safe names (only Alpha-Numeric characters, hyphen, underscore and
> spaces, only 1 dot, name and extension not empty) and contents are accepted.
> 2024-03-05 09:22:57,839 |jsse-nio-8443-exec-4 |TransactionUtil
> |W| Calling transaction setRollbackOnly; this stack trace shows where this is
> happening:
> java.lang.Exception: Error in Service [createAnonFile]: For security reason
> only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF,
> and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen,
> underscore and spaces, only 1 dot, name and extension not empty) and contents
> are accepted.
> at
> org.apache.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:372)
> [main/:?]
> at
> org.apache.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:306)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:577)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
> [main/:?]
> at
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93)
> [main/:?]
> at org.apache.ofbiz.service.LocalDispatcher$runSync$0.call(Unknown
> Source) [main/:?]
> at
> org.apache.ofbiz.service.engine.GroovyBaseScript.runService(GroovyBaseScript.groovy:74)
> [main/:?]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
> at
> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:48)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:166)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:57)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:62)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:194)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.apache.ofbiz.service.engine.GroovyBaseScript.run(GroovyBaseScript.groovy:82)
> [main/:?]
> at
> org.apache.ofbiz.service.engine.GroovyBaseScript$run$3.callCurrent(Unknown
> Source) [main/:?]
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.apache.ofbiz.content.data.DataServicesScript.saveLocalFileDataResource(DataServicesScript.groovy:274)
> [script:?]
> at
> org.apache.ofbiz.content.data.DataServicesScript$saveLocalFileDataResource.callCurrent(Unknown
> Source) [script:?]
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.apache.ofbiz.content.data.DataServicesScript.attachUploadToDataResource(DataServicesScript.groovy:179)
> [script:?]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
> at
> org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1254)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1030)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:814)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.GroovyObject.invokeMethod(GroovyObject.java:39)
> [groovy-3.0.21.jar:3.0.21]
> at groovy.lang.Script.invokeMethod(Script.java:96)
> [groovy-3.0.21.jar:3.0.21]
> at
> org.apache.ofbiz.service.engine.GroovyEngine.runSync(GroovyEngine.java:110)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
> [main/:?]
> at
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121)
> [main/:?]
> at
> org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172)
> [main/:?]
> at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135)
> [main/:?]
> at
> org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
> [main/:?]
> at
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121)
> [main/:?]
> at
> org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172)
> [main/:?]
> at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135)
> [main/:?]
> at
> org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428)
> [main/:?]
> at
> org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244)
> [main/:?]
> at
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93)
> [main/:?]
> at
> org.apache.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:254)
> [main/:?]
> at
> org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:1078)
> [main/:?]
> at
> org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:678)
> [main/:?]
> at
> org.apache.ofbiz.webapp.control.ControlServlet.handle(ControlServlet.java:231)
> [main/:?]
> at
> org.apache.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:81)
> [main/:?]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
> [tomcat-embed-websocket-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.ofbiz.webapp.control.SameSiteFilter.doFilter(SameSiteFilter.java:45)
> [main/:?]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:188)
> [main/:?]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:176)
> [main/:?]
> at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:53)
> [tomcat-servlet-api-9.0.82.jar:4.0.FR]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
> [log4j-web-2.20.0.jar:2.20.0]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> [tomcat-catalina-9.0.82.jar:9.0.82]
> at
> org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:432)
> [tomcat-coyote-9.0.82.jar:9.0.82]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
> [tomcat-coyote-9.0.82.jar:9.0.82]
> at
> org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:90)
> [tomcat-coyote-9.0.82.jar:9.0.82]
> at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
> [tomcat-coyote-9.0.82.jar:9.0.82]
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
> [tomcat-util-9.0.82.jar:9.0.82]
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
> [tomcat-util-9.0.82.jar:9.0.82]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util-9.0.82.jar:9.0.82]
> at java.lang.Thread.run(Thread.java:833) [?:?]
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher
> |T| Sync service [accounting/createAnonFile] finished in [3] milliseconds
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceUtil
> |E| {errorMessage=For security reason only valid files of supported image
> formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe
> names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1
> dot, name and extension not empty) and contents are accepted.,
> responseMessage=error}
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher
> |E| Error in Service [attachUploadToDataResource]: For security reason only
> valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and
> ZIP or text files with safe names (only Alpha-Numeric characters, hyphen,
> underscore and spaces, only 1 dot, name and extension not empty) and contents
> are accepted.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil
> |I| Transaction rollback only not set, rollback only is already set.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher
> |T| Sync service [accounting/attachUploadToDataResource] finished in [12]
> milliseconds
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |GroupModel
> |E| Grouped service [attachUploadToDataResource] failed.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher
> |E| Error in Service [createContentFromUploadedFile]: For security reason
> only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF,
> and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen,
> underscore and spaces, only 1 dot, name and extension not empty) and contents
> are accepted.
> 2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil
> |I| Transaction rollback only not set, rollback only is already set.
> 2024-03-05 09:22:5// code placeholder
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
