[
https://issues.apache.org/jira/browse/OFBIZ-13192?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-13192:
------------------------------------
Description:
Follow-up bug:
The upload is a multipart and in HttpRequestFileUpload we are reading the
entire body as input stream:
[https://github.com/apache/ofbiz-framework/blob/8d69f18dd64bd6b064c4de029629b77cb88107d3/framework/base/src/main/java/org/apache/ofbiz/base/util/HttpRequestFileUpload.java#L154]
That's why "Content-Disposition" gets added to the end of the file - even for
images:
{code:java}
0009c1a0: 2d2d 2d2d 2d2d 3138 3637 3331 3336 3434 ------1867313644
0009c1b0: 3232 3339 3435 3435 3433 3237 3431 3138 2239454543274118
0009c1c0: 3032 3738 0d0a 436f 6e74 656e 742d 4469 0278..Content-Di
0009c1d0: 7370 6f73 6974 696f 6e3a 2066 6f72 6d2d sposition: form-
0009c1e0: 6461 7461 3b20 6e61 6d65 3d22 7570 5f6c data; name="up_l
0009c1f0: 6f61 645f 6669 6c65 5f74 7970 655f 626f oad_file_type_bo
0009c200: 6775 7322 0d0a 0d0a 6c69 6e6b 4f6e 65 gus"....linkOne
{code}
For SVG files at least, we should read only the binary part of the multipart
request. For images, it's a real issue when uploading SVG files.
was:
Follow-up bug:
The upload is a multipart and in HttpRequestFileUpload we are reading the
entire body as input stream:
[https://github.com/apache/ofbiz-framework/blob/8d69f18dd64bd6b064c4de029629b77cb88107d3/framework/base/src/main/java/org/apache/ofbiz/base/util/HttpRequestFileUpload.java#L154]
That's why "Content-Disposition" gets added to the end of the file - even for
images:
{code:java}
0009c1a0: 2d2d 2d2d 2d2d 3138 3637 3331 3336 3434 ------1867313644
0009c1b0: 3232 3339 3435 3435 3433 3237 3431 3138 2239454543274118
0009c1c0: 3032 3738 0d0a 436f 6e74 656e 742d 4469 0278..Content-Di
0009c1d0: 7370 6f73 6974 696f 6e3a 2066 6f72 6d2d sposition: form-
0009c1e0: 6461 7461 3b20 6e61 6d65 3d22 7570 5f6c data; name="up_l
0009c1f0: 6f61 645f 6669 6c65 5f74 7970 655f 626f oad_file_type_bo
0009c200: 6775 7322 0d0a 0d0a 6c69 6e6b 4f6e 65 gus"....linkOne
{code}
Miss the reading of only the binary part of the multipart request. For images,
it's a real issue when uploading SVG files.
> HttpRequestFileUpload includes "Content-Disposition" part and following
> -----------------------------------------------------------------------
>
> Key: OFBIZ-13192
> URL: https://issues.apache.org/jira/browse/OFBIZ-13192
> Project: OFBiz
> Issue Type: Bug
> Components: ALL APPLICATIONS, ALL PLUGINS
> Reporter: Danny Trunk
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.01
>
>
> Follow-up bug:
> The upload is a multipart and in HttpRequestFileUpload we are reading the
> entire body as input stream:
> [https://github.com/apache/ofbiz-framework/blob/8d69f18dd64bd6b064c4de029629b77cb88107d3/framework/base/src/main/java/org/apache/ofbiz/base/util/HttpRequestFileUpload.java#L154]
> That's why "Content-Disposition" gets added to the end of the file - even for
> images:
> {code:java}
> 0009c1a0: 2d2d 2d2d 2d2d 3138 3637 3331 3336 3434 ------1867313644
> 0009c1b0: 3232 3339 3435 3435 3433 3237 3431 3138 2239454543274118
> 0009c1c0: 3032 3738 0d0a 436f 6e74 656e 742d 4469 0278..Content-Di
> 0009c1d0: 7370 6f73 6974 696f 6e3a 2066 6f72 6d2d sposition: form-
> 0009c1e0: 6461 7461 3b20 6e61 6d65 3d22 7570 5f6c data; name="up_l
> 0009c1f0: 6f61 645f 6669 6c65 5f74 7970 655f 626f oad_file_type_bo
> 0009c200: 6775 7322 0d0a 0d0a 6c69 6e6b 4f6e 65 gus"....linkOne
> {code}
> For SVG files at least, we should read only the binary part of the multipart
> request. For images, it's a real issue when uploading SVG files.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
