From 7c9164a24bc6ef3ecbbe99f06f19f4c6c97a1362 Mon Sep 17 00:00:00 2001
From: Jacques Le Roux
Date: Thu, 12 Sep 2024 10:58:55 +0200
Subject: [PATCH] Improved: SecuredUpload, impossible to upload a text file in the "All" case (OFBIZ-13139) Small change, it's better to call isPdfFile() inside isValidPdfFile()
---
 .../main/java/org/apache/ofbiz/security/SecuredUpload.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 1a276dc6b0..8e83b452bb 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -331,7 +331,7 @@ Also, the file may have been created using another charset than the one used to
 || isValidCompressedFile(fileToCheck, delegator)
 || isValidAudioFile(fileToCheck)
 || isValidVideoFile(fileToCheck)
- || isPdfFile(fileToCheck) && isValidPdfFile(fileToCheck)
+ || isValidPdfFile(fileToCheck)
 || isValidCsvFile(fileToCheck)) {
 return true;
 }
@@ -501,6 +501,7 @@ private static boolean isPdfFile(String fileName) {
 new PdfReader(file.getAbsolutePath()); // Just a check
 return true;
 } catch (Exception e) {
+ // If it's not a PDF then exception will be thrown and return will be false
 return false;
 }
 }
@@ -510,6 +511,9 @@ private static boolean isPdfFile(String fileName) {
 * @return true if it's a safe PDF file: is a PDF, and contains only 1 embedded readable (valid and secure) XML file (zUGFeRD)
 */
 private static boolean isValidPdfFile(String fileName) {
+ if (!isPdfFile(fileName)) {
+ return false;
+ }
 File file = new File(fileName);
 boolean safeState = false;
 boolean canParseZUGFeRD = true;
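Review bot: In isPdfFile the `catch (Exception e)` that the new comment documents returns false for every failure, so an unreadable path or an I/O error is indistinguishable from a wrong file type, and nothing is logged. Failing closed is the right default for an upload filter, but the added comment describes only the non-PDF case; `// Any failure (not a PDF, unreadable file, parser error) is treated as "not a PDF"` would be more accurate, and logging `e` at a low level would let a rejected upload be triaged. The PdfReader built in the `try` is discarded without a close; whether it still holds the file open depends on the PDF library in use, so that is worth confirming. The `try` opens outside the hunk.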
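Review bot: The guard added at the top of isValidPdfFile makes every PDF upload parse twice: isPdfFile() builds a PdfReader and throws it away, then the body builds a second `new PdfReader(file.getAbsolutePath())` from the same path (visible in the following hunk). For uploaded, untrusted files that doubles the parser work per request, and because both reads go through the path rather than one buffer, the two checks agree only if the file cannot change in between. If the reader construction further down already sits in a try/catch that leaves safeState false, as the comment removed in the following hunk suggests, the pre-check rejects nothing the body did not already reject. Either drop it or say above the guard why it is kept, e.g. `// Early exit for non-PDF input; note the file is parsed again below`. The method body continues outside the hunk.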
@@ -518,7 +522,6 @@ private static boolean isValidPdfFile(String fileName) {
 return safeState;
 }
 // Load stream in PDF parser
- // If the stream is not a PDF then exception will be thrown and safe state will be set to FALSE
 PdfReader reader = new PdfReader(file.getAbsolutePath());
 // Check 1: detect if the document contains any JavaScript code
 String jsCode = reader.getJavaScript();