Clone Tools
  • last updated a few minutes ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: Corrected some line is longer than 150 characters checkstyle issues in applications component. Also fixed some extra spaces and naming conventions related checkstyle issues. (OFBIZ-11921)

  1. … 90 more files in changeset.
Improved: Convert testCreateAndUpdateContactList test from XML to Groovy(OFBIZ-11877)

Thanks, Jacques for the review.

    • -93
    • +0
    ./minilang/marketing/test/MarketingTests.xml
Improved: Corrected all incorrect indentation level issues in application component, also fixed some case indentation checkstyle issues. (OFBIZ-11922)

  1. … 97 more files in changeset.
Improved: Corrected some single line statements to fix checkstyle issues, also removed some remaining extra spaces from code to avoid checkstyle erros in applications component. (OFBIZ-11886)

  1. … 69 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp reference, no longer used

    • -27
    • +0
    ./webapp/marketing/error/error403.jsp
    • -27
    • +0
    ./webapp/marketing/error/error404.jsp
  1. … 18 more files in changeset.
Improved: Corrected all checkstyle formatting issues: 'typecast' is not followed by whitespace in applications component. (OFBIZ-11887)

  1. … 109 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes ashes in web.xml files

  1. … 2 more files in changeset.
Improved: Corrected checkstyle formatting issues, 'is preceded/not preceded with whitespace' for applications component. (OFBIZ-11874) This fixes following checkstyle issues: '{' is not preceded with whitespace. '{' is not followed by whitespace. '}' is not followed by whitespace. '}' is not preceded with whitespace. 'typecast' is not followed by whitespace. 'try' is not followed by whitespace. ';' is preceded with whitespace.

  1. … 105 more files in changeset.
Improved: Corrected all 'if is not followed by whitespace' checkstyle errors. Also corrected few ', is not followed by whitespace' checkstyle errors in applications component. (OFBIZ-11805) Thanks Jacques Le Roux and Ritesh Kumar for review.

  1. … 46 more files in changeset.
Improved: Cannot find the declaration of element 'web-app' in version 3.0 files. (OFBIZ-6993)

I missed to backport changes web.xml (was OK in plugins)

  1. … 23 more files in changeset.
Documented: migrate help link to asciidoc user manual for SFA (OFBIZ-11577)

All files have been migrated to asciidoc format and help link now point

to the html file generated from the asciidoc files

In the global Help Docbook index tree, remove all points about

SFA and add a short page with a link to the new help

Remove docbook help files for SFA

    • -32
    • +0
    ./data/helpdata/HELP_SFA_FindAccounts.xml
    • -32
    • +0
    ./data/helpdata/HELP_SFA_FindContacts.xml
    • -32
    • +0
    ./data/helpdata/HELP_SFA_FindLeads.xml
Documented: migrate help link to asciidoc user manual for marketing (OFBIZ-11577)

All files have been migrated to asciidoc format and help link now point

to the html file generated from the asciidoc files

In the global Help Docbook index tree, remove all points about

marketing and add a short page with a link to the new help

Remove docbook help files for marketing

    • -0
    • +38
    ./data/HELP_MARKETING.xml
    • -46
    • +0
    ./data/helpdata/HELP_MARKETING_EditContactList.xml
    • -38
    • +0
    ./data/helpdata/HELP_MARKETING_FindContactLists.xml
    • -41
    • +0
    ./data/helpdata/HELP_MARKETING_ImportContactListParties.xml
    • -32
    • +0
    ./data/helpdata/HELP_MARKETING_main.xml
Improved: Replace explicit type argument with diamond operator(OFBIZ-11828)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

  1. … 19 more files in changeset.
Improved: Changed resources with proper naming convention in all application components. (OFBIZ-11739) Also, made MODULE as private data member of class instead of public. This will reduce checkstlye issues. Thanks Jacques for review.

  1. … 219 more files in changeset.
Improved: Added UI labels for success/error messages for humanres, marketing, order component. (OFBIZ-7696) Thanks Deepak Nigam for reporting and Sourabh Punyani for the patch.

  1. … 4 more files in changeset.
Improved: Added UI labels for success/error messages for humanres, marketing, order component. (OFBIZ-7696) Thanks Deepak Nigam for reporting and Sourabh Punyani for the patch.

  1. … 4 more files in changeset.
Improved: Converted all TrackingCodeOrder related CRUD services from simple to entity-auto (#92)

* Improved: Converted all TrackingCodeOrder related CRUD services from simple to entity-auto

(OFBIZ-11625)

Improved: Converted all TrackingCodeOrderReturn related CRUD services from simple to entity-auto (#89)

* Improved: Converted all TrackingCodeOrderReturn related CRUD services from simple to entity-auto

(OFBIZ-11623)

Improved: Converted all TrackingCodeType entities from simple to entity-auto (#87)

* Improved: Converted all TrackingCodeType entities from simple to entity-auto

(OFBIZ-11615)

Improved: Convert LeadServices.xml mini lang to groovy

(OFBIZ-11572)

    • -0
    • +201
    ./groovyScripts/sfa/lead/LeadServices.groovy
    • -221
    • +0
    ./minilang/sfa/lead/LeadServices.xml
  1. … 2 more files in changeset.
Improved: Converted AccountServices from mini lang to groovy

(OFBIZ-11413)

Added ServiceDefs createPartyContactMechs and createPartyGroupRoleAndContactMechs.

Also converted createPartyGroupRoleAndContactMechs because it is used in AccountServies and needed more return values.

    • -0
    • +44
    ./groovyScripts/sfa/account/AccountServices.groovy
    • -36
    • +0
    ./minilang/sfa/account/AccountServices.xml
  1. … 2 more files in changeset.
Documented: Check all docbook file in each applications-component documents directory (OFBIZ-11587)

remove all files

  1. … 8 more files in changeset.
Documented: Check all docbook file in each applications-component documents directory (OFBIZ-11587)

theses files have no content except for marketing component (2

sentences, migrated to overview for marketing and sfa)

Improved: replaces module by MODULE everywhere

  1. … 681 more files in changeset.
Documented: SFA migration to asciidoc (OFBIZ-11577)

For all of HELP_SFA files content has been directly put in

sfa.adoc

    • -0
    • +45
    ./src/docs/asciidoc/sfa.adoc
  1. … 1 more file in changeset.
Documented: Marketing migration to asciidoc and new documentation organization (OFBIZ-11577)

Main files and ContactList

    • -0
    • +36
    ./src/docs/asciidoc/_include/HELP_EditContactList.adoc
    • -0
    • +28
    ./src/docs/asciidoc/_include/HELP_FindContactLists.adoc
    • -0
    • +32
    ./src/docs/asciidoc/_include/HELP_ImportContactListParties.adoc
    • -0
    • +31
    ./src/docs/asciidoc/_include/marketing_ContactLists.adoc
    • -0
    • +51
    ./src/docs/asciidoc/marketing.adoc
  1. … 1 more file in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 15 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 15 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 15 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 15 more files in changeset.