Clone Tools
  • last updated 14 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: Status ID checkbox for FindEmploymentApps, FindPartyQuals and FindEmplLeaves forms (OFBIZ-11937)

Improved: Corrected some line is longer than 150 characters checkstyle issues in applications component. Also fixed some extra spaces and naming conventions related checkstyle issues. (OFBIZ-11921)

  1. … 91 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp reference, no longer used

    • -26
    • +0
    ./webapp/humanres/error/error403.jsp
    • -26
    • +0
    ./webapp/humanres/error/error404.jsp
  1. … 20 more files in changeset.
Improved: Corrected all checkstyle formatting issues: 'typecast' is not followed by whitespace in applications component. (OFBIZ-11887)

  1. … 110 more files in changeset.
Improved: Corrected all checkstyle formatting issues: Line has trailing spaces in applications component. (OFBIZ-11880) Thanks Jacques for review.

  1. … 107 more files in changeset.
Improved: Corrected checkstyle formatting issues, 'is preceded/not preceded with whitespace' for applications component. (OFBIZ-11874) This fixes following checkstyle issues: '{' is not preceded with whitespace. '{' is not followed by whitespace. '}' is not followed by whitespace. '}' is not preceded with whitespace. 'typecast' is not followed by whitespace. 'try' is not followed by whitespace. ';' is preceded with whitespace.

  1. … 105 more files in changeset.
Improved: Corrected all checkstyle issues related to succeeding space for comma in applications directory. (OFBIZ-11805) Thanks Jacques and Ritesh Kumar for review.

  1. … 51 more files in changeset.
Improved: Corrected all 'if is not followed by whitespace' checkstyle errors. Also corrected few ', is not followed by whitespace' checkstyle errors in applications component. (OFBIZ-11805) Thanks Jacques Le Roux and Ritesh Kumar for review.

  1. … 46 more files in changeset.
Fixed: Added employee lookup to search/select employee(person) while creating new employment. This will also fixed the issue of party groups being selected as a employee. (OFBIZ-11697) (#210)

    • -0
    • +2
    ./webapp/humanres/WEB-INF/controller.xml
  1. … 2 more files in changeset.
Improved: Cannot find the declaration of element 'web-app' in version 3.0 files. (OFBIZ-6993)

I missed to backport changes web.xml (was OK in plugins)

  1. … 24 more files in changeset.
Documented: remove docbook help files for humanres (OFBIZ-11587)

All files have been migrated to asciidoc format and help link now point

to the html file generated from the asciidoc files

In the global Help Docbook index tree, remove all points about

humanres and add a short page with a link to the new help

    • -37
    • +0
    ./data/helpdata/HELP_HR_EditEmployment.xml
  1. … 10 more files in changeset.
Improved: Headerize external script in multi-block html template (OFBIZ-11741)

Allow external scripts within the multi-block html template, to be rendered

within the html head tag, when a new attribute data-import is set to “head”

Thanks: Jacques for review

  1. … 20 more files in changeset.
Improved: Changed resources with proper naming convention in all application components. (OFBIZ-11739) Also, made MODULE as private data member of class instead of public. This will reduce checkstlye issues. Thanks Jacques for review.

  1. … 222 more files in changeset.
Fixed: organisation tree in humanres doesn't show person names (OFBIZ-11677) (#121)

* Fixed: Tree on main page of the humanres component doesn't show names of persons

(OFBIZ-11677)

When parties are assigned to employee positions their names aren't shown in the tree

fixed: the function that retrieves the person record of the assigned party was using

the wrong variable in the query, resulting in a null being returned. Corrected the variable

added/improved: retrieval of the middleName value of the person record, added it to the title

improved: ordering of the names making up the title.

improved: applying proper case to variable names

* Fixed: Tree on main page of the humanres component doesn't show names of persons

(OFBIZ-11677)

invoking PartyHelper.getPartyName instead of custom code

code clean-up

Thanks to Pawan Verma for the review and the suggestion

Fixed: organisation tree in humanres doesn't show person names (OFBIZ-11677) (#121)

* Fixed: Tree on main page of the humanres component doesn't show names of persons

(OFBIZ-11677)

When parties are assigned to employee positions their names aren't shown in the tree

fixed: the function that retrieves the person record of the assigned party was using

the wrong variable in the query, resulting in a null being returned. Corrected the variable

added/improved: retrieval of the middleName value of the person record, added it to the title

improved: ordering of the names making up the title.

improved: applying proper case to variable names

* Fixed: Tree on main page of the humanres component doesn't show names of persons

(OFBIZ-11677)

invoking PartyHelper.getPartyName instead of custom code

code clean-up

Thanks to Pawan Verma for the review and the suggestion

Improved: Added UI labels for success/error messages for humanres, marketing, order component. (OFBIZ-7696) Thanks Deepak Nigam for reporting and Sourabh Punyani for the patch.

  1. … 4 more files in changeset.
Improved: Added UI labels for success/error messages for humanres, marketing, order component. (OFBIZ-7696) Thanks Deepak Nigam for reporting and Sourabh Punyani for the patch.

  1. … 4 more files in changeset.
Improved: All the service level error messages for missing required field for humanares component. (OFBIZ-8716) Thanks Jagpreet for reporting and Prasheel for providing the initial patch

Improved: All the service level error messages for missing required field for humanares component. (OFBIZ-8716) Thanks Jagpreet for reporting and Prasheel for providing the initial patch

Improved: Apply multi-block attr to each application (OFBIZ-11706)

Revert multi-block attr on RemoveInternalOrg.ftl, to fix

regression for HR tree.

There is no inline script causing CSP issue in the 1st place.

Thanks: Olivier for reporting

Improved: Apply multi-block attr to each application (OFBIZ-11706)

For Accounting, Content, HR, Manufacturing.

  1. … 16 more files in changeset.
Improved: Converted all EmplLeave related CRUD services from simple to entity-auto (#97)

(OFBIZ-11630)

Also, added comments for similar types entity-auto services and clubbed them for better visibility.

Improved: Converted all SalaryStep related CRUD services from simple to entity-auto (#98)

Improved: Converted all SalaryStep related CRUD services from simple to entity-auto

(OFBIZ-11631)

Documented: Check all docbook file in each applications-component documents directory (OFBIZ-11587)

remove all files

  1. … 8 more files in changeset.
Improved: replaces module by MODULE everywhere

  1. … 684 more files in changeset.
Revert "Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk"

This reverts commit 27e57522b15d71352c61919befc6eb451ed4e864.

  1. … 27 more files in changeset.
Revert "Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk"

This reverts commit 0add8bedbca231ffd839eb733f1041ce5487e9d6.

  1. … 37 more files in changeset.
Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because of GitHub message on PR56: This branch cannot be rebased due to conflicts

Much Conflicts, but that should be OK

  1. … 27 more files in changeset.
Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because of GitHub message on PR56: This branch cannot be rebased due to conflicts

Conflicts handled by hand

RequestHandler.java

  1. … 37 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 15 more files in changeset.