[OFBIZ-13190] PDF-Check: Just delete unsafe PDF files - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Done
Affects Version/s: Upcoming Branch
Fix Version/s: None
Component/s: framework/security
Labels:
None

Description

This refers to the implementation within SecuredUpload.java:

Currently, all PDF files are deleted after the check within isValidPdfFile - regardless of whether they have been successfully validated or not. As with other format validations, we should keep the valid files directly so that they can be processed afterwards. The mentioned behavior was introduced by https://github.com/apache/ofbiz-framework/commit/c3653d51ae88e6a0069bb750d8d36c7fa0e4e1a7:

file = new File(fileName);
file.delete();

At first I planned to change the implementation to just delete the PDF file within isValidPdfFile if the PDF's safeState is false. Then I found out that the file deletion already happens withn isValidFile (deleteBadFile) - hence there is no need to delete the invalid file within the PDF check itself.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

do-not-delete-valid-pdf-file.diff
06/Dec/24 08:38
0.6 kB
Sixty One

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Sixty One

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Dec/24 08:38

Updated:: 06/Dec/24 10:25

Resolved:: 06/Dec/24 10:25