[OFBIZ-12929] OFBiz doesn't allow upload. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: Upcoming Branch
Fix Version/s: None
Component/s: accounting
Labels:
None

Description

In demo trunk and local with demo data in an existing agreement, no files of following type can be uploaded:

pdf
xlsx
pptx
docx

in screen a message as per attached image is shown, in the console following is shown:

2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |SecuredUpload                 |E| For security reason lines over 10000 are not allowed
2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceUtil                   |E| {errorMessage=For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted., responseMessage=error}
2024-03-05 09:22:57,838 |jsse-nio-8443-exec-4 |ServiceDispatcher             |E| Error in Service [createAnonFile]: For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted.
2024-03-05 09:22:57,839 |jsse-nio-8443-exec-4 |TransactionUtil               |W| Calling transaction setRollbackOnly; this stack trace shows where this is happening:
java.lang.Exception: Error in Service [createAnonFile]: For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted.
        at org.apache.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:372) [main/:?]
        at org.apache.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:306) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:577) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244) [main/:?]
        at org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93) [main/:?]
        at org.apache.ofbiz.service.LocalDispatcher$runSync$0.call(Unknown Source) [main/:?]
        at org.apache.ofbiz.service.engine.GroovyBaseScript.runService(GroovyBaseScript.groovy:74) [main/:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
        at org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:48) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:166) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:57) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:62) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:194) [groovy-3.0.21.jar:3.0.21]
        at org.apache.ofbiz.service.engine.GroovyBaseScript.run(GroovyBaseScript.groovy:82) [main/:?]
        at org.apache.ofbiz.service.engine.GroovyBaseScript$run$3.callCurrent(Unknown Source) [main/:?]
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185) [groovy-3.0.21.jar:3.0.21]
        at org.apache.ofbiz.content.data.DataServicesScript.saveLocalFileDataResource(DataServicesScript.groovy:274) [script:?]
        at org.apache.ofbiz.content.data.DataServicesScript$saveLocalFileDataResource.callCurrent(Unknown Source) [script:?]
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:51) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171) [groovy-3.0.21.jar:3.0.21]
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185) [groovy-3.0.21.jar:3.0.21]
        at org.apache.ofbiz.content.data.DataServicesScript.attachUploadToDataResource(DataServicesScript.groovy:179) [script:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1254) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1030) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:814) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.GroovyObject.invokeMethod(GroovyObject.java:39) [groovy-3.0.21.jar:3.0.21]
        at groovy.lang.Script.invokeMethod(Script.java:96) [groovy-3.0.21.jar:3.0.21]
        at org.apache.ofbiz.service.engine.GroovyEngine.runSync(GroovyEngine.java:110) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244) [main/:?]
        at org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121) [main/:?]
        at org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172) [main/:?]
        at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135) [main/:?]
        at org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244) [main/:?]
        at org.apache.ofbiz.service.group.GroupServiceModel.invoke(GroupServiceModel.java:121) [main/:?]
        at org.apache.ofbiz.service.group.GroupModel.runAll(GroupModel.java:172) [main/:?]
        at org.apache.ofbiz.service.group.GroupModel.run(GroupModel.java:135) [main/:?]
        at org.apache.ofbiz.service.group.ServiceGroupEngine.runSync(ServiceGroupEngine.java:54) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:428) [main/:?]
        at org.apache.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:244) [main/:?]
        at org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.runSync(GenericDispatcherFactory.java:93) [main/:?]
        at org.apache.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:254) [main/:?]
        at org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:1078) [main/:?]
        at org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:678) [main/:?]
        at org.apache.ofbiz.webapp.control.ControlServlet.handle(ControlServlet.java:231) [main/:?]
        at org.apache.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:81) [main/:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) [tomcat-servlet-api-9.0.82.jar:4.0.FR]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) [tomcat-servlet-api-9.0.82.jar:4.0.FR]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-embed-websocket-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.ofbiz.webapp.control.SameSiteFilter.doFilter(SameSiteFilter.java:45) [main/:?]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:188) [main/:?]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:176) [main/:?]
        at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:53) [tomcat-servlet-api-9.0.82.jar:4.0.FR]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.20.0.jar:2.20.0]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-catalina-9.0.82.jar:9.0.82]
        at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:432) [tomcat-coyote-9.0.82.jar:9.0.82]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote-9.0.82.jar:9.0.82]
        at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:90) [tomcat-coyote-9.0.82.jar:9.0.82]
        at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) [tomcat-coyote-9.0.82.jar:9.0.82]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util-9.0.82.jar:9.0.82]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util-9.0.82.jar:9.0.82]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util-9.0.82.jar:9.0.82]
        at java.lang.Thread.run(Thread.java:833) [?:?]
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             |T| Sync service [accounting/createAnonFile] finished in [3] milliseconds
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceUtil                   |E| {errorMessage=For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted., responseMessage=error}
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             |E| Error in Service [attachUploadToDataResource]: For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted.
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil               |I| Transaction rollback only not set, rollback only is already set.
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             |T| Sync service [accounting/attachUploadToDataResource] finished in [12] milliseconds
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |GroupModel                    |E| Grouped service [attachUploadToDataResource] failed.
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |ServiceDispatcher             |E| Error in Service [createContentFromUploadedFile]: For security reason only valid files of supported image formats (GIF, JPEG, PNG, TIFF), SVG, PDF, and ZIP or text files with safe names (only Alpha-Numeric characters, hyphen, underscore and spaces, only 1 dot, name and extension not empty) and contents are accepted.
2024-03-05 09:22:57,840 |jsse-nio-8443-exec-4 |TransactionUtil               |I| Transaction rollback only not set, rollback only is already set.
2024-03-05 09:22:5// code placeholder

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Screenshot 2024-03-05 at 09.18.27.png
05/Mar/24 08:25
221 kB
Pierre Smits

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Pierre Smits

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Mar/24 08:30

Updated:: 14/Mar/24 09:02

Resolved:: 14/Mar/24 09:02