ofbiz-framework

Clone Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Fixed: Add 'controlPath' attribute to 'ofbizUrl' freemarker macro (OFBIZ-11317)

In some place, like at least themes/tomahawk/template/AppBarClose.ftl the CSRF

token is not generated. Because in those places OfbizUrlTransform is used.

An immediate solution is to add the CSRF token generation in OfbizUrlTransform

class.

A definitive solution is to complete OFBIZ-11229

"Merge UrlRegexpTransform and OfbizUrlTransform classes"

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11353)

A vulnerability has been reported to the OFBiz security team. To be able to

release the 17.12.01 version with this vulnerability fixed we need to

temporarily comment out the "stream" request-map in commonext controller.

We will later fix the specific issue to put back the functionalities allowed by

the "stream" request-map in this controller, see OFBIZ-11349

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11353)

A vulnerability has been reported to the OFBiz security team. To be able to

release the 17.12.01 version with this vulnerability fixed we need to

temporarily comment out the "stream" request-map in commonext controller.

We will later fix the specific issue to put back the functionalities allowed by

the "stream" request-map in this controller, see OFBIZ-11349

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11353)

A vulnerability has been reported to the OFBiz security team. To be able to

release the 17.12.01 version with this vulnerability fixed we need to

temporarily comment out the "stream" request-map in commonext controller.

We will later fix the specific issue to put back the functionalities allowed by

the "stream" request-map in this controller, see OFBIZ-11349

Documented: remove empty help files in Accounting (OFBIZ-10288)

Documented: Add help for main accounting screen at the end of intro (OFBIZ-10289)

Documented: Organization-Gl-Settings Docbook files migration to asciidoc format (OFBIZ-11352)

All the help files associated to it are called via include in the main

document

  1. … 21 more files in changeset.
Improved: Error in user impersonation with sub permission (OFBIZ-11342)

Improved javadoc

Set 'checkMultiLevelAdminPermissionValidity' visibility to default

Add another test verifying that hierarchy in permission is respected

Thanks Mathieu for your review

Improved: Error in user impersonation with sub permission (OFBIZ-11342)

Improved javadoc

Set 'checkMultiLevelAdminPermissionValidity' visibility to default

Add another test verifying that hierarchy in permission is respected

Thanks Mathieu for your review

Documented: Tax-AUthorities Docbook files migration to asciidoc format (OFBIZ-10291)

All the help files associated to it are called via include in the main

document

  1. … 4 more files in changeset.
Documented: Billing Account Docbook files migration to asciidoc format (OFBIZ-10293)

All the help files associated to it are called via include in the main

document

Documented: Payment-gateway Docbook files migration to asciidoc format (OFBIZ-10294)

All the help files associated to it are called via include in the main

document.

Merge (and call included) all helps about payment-gatway-config and

payment-gateway-transaction in this file

  1. … 4 more files in changeset.
Documented: Payments Docbook files migration to asciidoc format (OFBIZ-10294)

All the help files associated to it are called via include in the main

document

Revert "Fixed: Error in user impersonation with sub permission (OFBIZ-11342)"

This reverts commit 73b7abbd

Revert "Multi Part Input Parameters not Available in Groovy Event (OFBIZ-5048)"

This reverts commit 02d59bcd5b0b9040a2fda777d26c0879139ae646.

Revert "Multi Part Input Parameters not Available in Groovy Event (OFBIZ-5048)"

This reverts commit 832217135a4f1e6cffef2ef15d115f43613166bc.

Revert "Multi Part Input Parameters not Available in Groovy Event (OFBIZ-5048)"

This reverts commit 8af3e9ce6b4c8d003f760e60c17dfa371745b4fd.

Implemented: Add 'controlPath' attribute

(OFBIZ-11317)

added: Missed aspected in header.ftl in bluelight theme

(cherry picked from commit ae98498701a8c5e28e9b58af0bb3b64c4d2e511a)

Implemented: Add 'controlPath' attribute

(OFBIZ-11317)

added: Missed aspected in header.ftl in bluelight theme

Revert "Improved: Remove unused services from party/services_view.xml and PartyServices.java/.xml. (OFBIZ-9988)"

This reverts commit 00a5d3413a238e0d2b18f2e076cd90670a2e5f71.

Revert "Improved: Remove unused services from party/services_view.xml and PartyServices.java/.xml. (OFBIZ-9988)"

This reverts commit 00a5d3413a238e0d2b18f2e076cd90670a2e5f71.

Revert "Improved: Remove unused services from party/services_view.xml and PartyServices.java/.xml. (OFBIZ-9988)"

This reverts commit 00a5d3413a238e0d2b18f2e076cd90670a2e5f71.

Fixed: Error in user impersonation with sub permission (OFBIZ-11342)

Add unit tests for permission control feature.

Add new method to manage multilevel permission control.

This allowing an user with PARTYMGR_ADMIN permission to impersonate

another user with PARTYMGR_PCM_CREATE permission.

Fixed: Error in user impersonation with sub permission (OFBIZ-11342)

Add unit tests for permission control feature.

Add new method to manage multilevel permission control.

This allowing an user with PARTYMGR_ADMIN permission to impersonate

another user with PARTYMGR_PCM_CREATE permission.

Fixed: Error in user impersonation with sub permission (OFBIZ-11342)

Add unit tests for permission control feature.

Add new method to manage multilevel permission control.

This allowing an user with PARTYMGR_ADMIN permission to impersonate

another user with PARTYMGR_PCM_CREATE permission.

Fixed: Form widget field with input-method="time-dropdown" unable to understand the default time. (OFBIZ-11150)

Thanks Wiebke Pätzold for reporting and providing the patch.

Fixed: Form widget field with input-method="time-dropdown" unable to understand the default time. (OFBIZ-11150)

Thanks Wiebke Pätzold for reporting and providing the patch.

Fixed: Form widget field with input-method="time-dropdown" unable to understand the default time. (OFBIZ-11150)

Thanks Wiebke Pätzold for reporting and providing the patch.

Fixed: Unnecessary ship groups in orders. (OFBIZ-10489)

Thanks, Oleg Andreyev and Mohammad Kathawala for your contribution.

Fixed: Unnecessary ship groups in orders. (OFBIZ-10489)

Thanks, Oleg Andreyev and Mohammad Kathawala for your contribution.