Hi Jaqcues, may I ask how did you setup the values in catalog.properties? And how does the url of the uploaded image look like.
Thanks! Best regards Ingo -----Ursprüngliche Nachricht----- Von: Jacques Le Roux <[email protected]> Gesendet: Donnerstag, 17. März 2022 17:21 An: [email protected] Betreff: Re: AW: AW: AW: distTar Hi Ingo, I see you are using multitenant, right? Maybe it's the reason Because it works here, as you can see at https://user-images.githubusercontent.com/557941/158845946-08df08f0-ee91-4cf1-8756-4092113015ce.png HTH Jaqcues Le 17/03/2022 à 08:06, Ingo Wolfmayr a écrit : > Hi Jacques, > > I refere to the default product images uploaded via the upload form on > EditProductContent. The images are correctly uploaded and scaled. They > cannot be viewed for example on the same screen (preview images). > > Example: > Upload to: /images/tenant/demo/products/demoproduct/small.JPG > Views via: > https://mydomain/images/tenant/demo/products/demoproduct/small.JPG > > If the are not uploaded in the webapp folder that referes to the web-path > /images they will not be displayed. > > Content images are handled differently - > https://mydomain/stream?contentId=10000 > > Best regards, > Ingo > > > -----Ursprüngliche Nachricht----- > Von: Jacques Le Roux <[email protected]> > Gesendet: Donnerstag, 17. März 2022 07:53 > An: [email protected] > Betreff: Re: AW: AW: distTar > > Hi Ingo, > > What images are you speaking about and from where do you try to view these > images? > > As a 1st step, I guess it's products images. If it's additional imaged added > through product/content you should be able to see them on ecommerce site. > > Note: I'm currently reviewing the situation of "images" and will get back to > that later on dev ML with maybe a copy here too... > > Jacques > > Le 16/03/2022 à 10:41, Ingo Wolfmayr a écrit : >> Hi Jaques, >> >> I have one more question to the image path: When I set the >> "image.server.path" to for example "/home/ofbiz/images" the file is >> uploaded fine - the files are in the right path. Unfortunately >> viewing the image requires it to be available via a webpath as by >> default /images >> >> Do you have a recommendation on how to set it up correctly? >> >> Best regards, >> Ingo >> >> -----Ursprüngliche Nachricht----- >> Von: Jacques Le Roux <[email protected]> >> Gesendet: Freitag, 11. Februar 2022 19:06 >> An: [email protected] >> Betreff: Re: AW: distTar >> >> Hi Ingo, All, >> >> To clarify my thoughts and message. >> >> Actually I was wrong when I said that "a feature was lost when common-theme >> was put in". The rest is right. This feature is the possibility, through >> image.server.path property in catalog.properties file, to place the images, >> and other the static files as well, in a location that fits with you for any >> reason. Notably following the NSA recommendation to place it in "a non-web >> accessible area". This to prevent webshell uploads and all kind of other >> malicious files uploads. The same is true for the other property >> image.management.path. >> >> So the fact that before common-theme was put in, with the folder for images >> /themes/common/images/webapp/images/, this folder was >> /framework/images/webapp/images/ has nothing to do with "a non-web >> accessible area". That's you to decide... >> >> There is also a ${tenantId} var used in image.server.path property that is >> used in case of multi-tenant, that's another thing. >> >> So I finally don't think it's necessary to put the images and >> image.management in runtime. This would add nothing. I'll remove the >> FIXMEs >> >> Jacques >> >> Le 07/02/2022 à 19:37, Ingo Wolfmayr a écrit : >>> Hi Jacques, >>> >>> thanks for the fast response. I will do it exactly as you say. >>> >>> Best regards >>> Ingo >>> >>> >>> -----Ursprüngliche Nachricht----- >>> Von: Jacques Le Roux<[email protected]> >>> Gesendet: Montag, 7. Februar 2022 19:21 An:[email protected] >>> Betreff: Re: distTar >>> >>> Hi Ingo, >>> >>> You don't need to use >>> >>> ./gradlew "ofbiz start" >>> >>> ./gradlew ofbiz >>> is enough and does not generate zip/tar. >>> >>> This said I'm currently working on a feature that was lost when >>> common-theme was put in. Fortunately tt was then documented by these >>> FIXMEs #FIXME the image server path need to be moved on runtime >>> #FIXME the image management path need to be moved on runtime >>> >>> The idea is to not have the images under OFBiz tree but in a specific >>> location unrelated to OFBiz. >>> >>> I'm actually also working on this for security reason. It's a NSA >>> recommendation*: >>> >>> <<Officials explained that web applications should not be given >>> permissions to write directly to a web accessible directory or modify web >>> accessible code. >>> “Attackers are unable to upload a web shell to a vulnerable >>> application if the web server blocks access to the web accessible >>> directory,” >>> according to the guidance. “To preserve functionality, some web >>> applications require configuration changes to save uploads to a non-web >>> accessible >>> area.”>> >>> >>> “To preserve functionality, some web applications require configuration >>> changes to save uploads to a non-web accessible area.” That's exactly what >>> we lost with common-theme. Fortunately it was documented and I stumbled >>> upon it while working on related security issues. >>> >>> Having images, and at large static files, in a specific location can also >>> allow to speed things... >>> >>> >>> HTH >>> >>> Jacques >>> *https://healthitsecurity.com/news/nsa-shares-guide-to-web-shell-mal >>> w >>> a >>> re-vulnerabilities-mitigation >>> >>> >>> Le 07/02/2022 à 17:56, Ingo Wolfmayr a écrit : >>>> Hi everybody, >>>> >>>> I have a question about building ofbiz. In previous versions for example >>>> 17.12 I had the following process: >>>> >>>> ./gradlew build (build the project and see if everything is fine) >>>> ./gradlew "ofbiz start" >>>> >>>> Now I am working with the current trunk and when I start ./gradlew build >>>> it starts "disttar" and generates a .tar and a .zip. As I have lots of >>>> images in a project it uses lots of disk space and time. Is my process >>>> wrong? Is there "correct" way of how it should be done? >>>> >>>> Thanks for every hint. >>>> >>>> Best regards, >>>> Ingo >>>> >>>>
