From 81fd7c74c2d5465ee789191c2de06bb0818dd776 Mon Sep 17 00:00:00 2001
From: Jacques Le Roux
Date: Tue, 10 Sep 2024 09:10:39 +0200
Subject: [PATCH] Fixed: Upload image size issue (OFBIZ-12639) SecuredUpload::checkMaxLinesLength does not work when the charset used to create the file is not the same than the one used when uploading. It's a know problem. This at least allow images to be uploaded. I'll check if we can improve the call in SecuredUpload::checkMaxLinesLength to FileUtils.readLines() (Apachecommons.io) according to http://illegalargumentexception.blogspot.com/2009/05/java-rough-guide-to-character-encoding.html#javaencoding_autodetect See https://lists.apache.org/thread/dv4yjpknms5zd2l73wb8ht3s0db2wx2v for details Conflict handled by hand, also adds from trunk "handling" of msoffice files
---
 .../java/org/apache/ofbiz/security/SecuredUpload.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index f6e17b871a6..a2d5e8f0e77 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -207,7 +207,13 @@ public static boolean isValidFile(String fileToCheck, String fileType, Delegator
 // PDF files are not concerned because they may contain several CharSet encodings
 // hence no possibility to use Files::readAllLines that needs a sole CharSet
 if (!isPdfFile(fileToCheck)) {
- if (!checkMaxLinesLength(fileToCheck)) {
+ if (getMimeTypeFromFileName(fileToCheck).equals("application/x-tika-msoffice")) {
+ Debug.logError("File : " + fileToCheck + ", is a MS Office file."
+ + " It can't be uploaded for security reason. Try to transform a Word file to PDF, "
+ + "and an Excel file to CSV. For other file types try PDF.", MODULE);
+ return false;
+ }
+ if (!isValidImageIncludingSvgFile(fileToCheck) && !checkMaxLinesLength(fileToCheck)) {
 Debug.logError("For security reason lines over " + MAXLINELENGTH.toString() + " are not allowed", MODULE);
 return false;
 }
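Review bot: The rewritten condition `!isValidImageIncludingSvgFile(fileToCheck) && !checkMaxLinesLength(fileToCheck)` skips the line-length limit for every file the image validator accepts, so that control is now only as strong as `isValidImageIncludingSvgFile`. SVG is text/XML that can carry script, so it is the one image type for which a long-line limit still matters; consider exempting only binary raster formats and keeping `checkMaxLinesLength` for SVG, with a comment above the condition explaining why images are exempt. In the added MS Office branch, `getMimeTypeFromFileName(fileToCheck).equals("application/x-tika-msoffice")` throws a NullPointerException if the helper can return null (its body is not in this hunk); `"application/x-tika-msoffice".equals(getMimeTypeFromFileName(fileToCheck))` avoids that. The exact match also appears to cover only the generic OLE2 container type, so it should be confirmed that OOXML uploads (.docx/.xlsx) are rejected elsewhere in isValidFile, which continues outside the hunk.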