Fixed: [FB] Find Security Bugs
(OFBIZ-9973)
FindBugs is now deprecated and replaced by Spotbugs
Last time I forgot to encode productId as reported by Man Yue Mo from Semmle
This eventually fixes the "Relative path traversal" issue reported by Spotbugs
by encoding the whole file name.
Nevertheless Spotbugs continues to report the same issue in trunk but not in R16
I have not ideas why and I see no other possible issue.
I will backport and check again.
|
ofbiz/ofbiz-framework/trunk/applications/product/src/main/java/org/apache/ofbiz/product/imagemanagement/FrameImage.java