Fixed: Double encoded urls are not being decoded (OFBIZ-11822)

This was broken by OFBIZ-10275

Thanks: Alex Bodnaru

Improved: Enforce noninstantiability to GroovyUtil Class. (#180)

(OFBIZ-11778)

Made class as final, moved default constructor and renamed private data members as per naming convention best practices.

Improved: Made MODULE as private data member of class instead of public in all framework components. (OFBIZ-11739) This will reduce checkstyle issues. Thanks Jacques for review.

  1. … 386 more files in changeset.
Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714)

In OFBIZ-10539, we missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and am attaching a patch for the same.

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Better style with line not too long

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

This commit does 2 things:

Send a correct commit comment (kind of amendment, w/o push force)

Previous code compiled but SAFER_RESOLVER is not a class but a field, better KISS

Real change:

Better style with line not too long:

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Fixes a typo: module instead of MODULE

Improved: Implemented: Documented: Completed: Reverted: Fixed:

(OFBIZ-)

Explanation

Thanks:

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Previous code compiled but SAFER_RESOLVER is not a class but a field, better KISS

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Previous code compiled but the class was not found, better KISS

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Fixes all the conflicts previously handled by hand (no merge was possible)

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

Conflicts all handled by hand (no merge possible)

  1. … 1 more file in changeset.
Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

Conflicts handled by hand

framework/security/config/security.properties

  1. … 1 more file in changeset.
Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

  1. … 1 more file in changeset.
Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a TemplateClassResolver in Freemarker configuration in order to limit which TemplateModels can be instantiated in the templates. The predefined resolver SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java
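
The effect of the resolver described in this commit message and of the configurable templateClassResolver property from the later commits, as an added example that is not OFBiz code: a Configuration built with SAFER_RESOLVER refuses a template that tries to instantiate Execute through FreeMarker's `?new` built-in. The class name `ResolverDemo`, the `resolverFor` mapping and the property values it accepts, and the `VERSION_2_3_23` setting are assumptions for illustration; the FreeMarker jar must be on the classpath.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collections;

public class ResolverDemo {
    // Hypothetical mapping from a property value to a FreeMarker resolver.
    // Missing or unrecognised values fail closed to SAFER_RESOLVER.
    static TemplateClassResolver resolverFor(String name) {
        switch (name == null ? "" : name.trim()) {
            case "UNRESTRICTED_RESOLVER":
                return TemplateClassResolver.UNRESTRICTED_RESOLVER;
            case "ALLOWS_NOTHING_RESOLVER":
                return TemplateClassResolver.ALLOWS_NOTHING_RESOLVER;
            default:
                return TemplateClassResolver.SAFER_RESOLVER;
        }
    }

    // Builds a Configuration whose ?new built-in is limited by the chosen resolver.
    static Configuration makeConfiguration(String resolverName) {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
        cfg.setNewBuiltinClassResolver(resolverFor(resolverName));
        return cfg;
    }

    // True if the template rendered, false if processing was refused.
    static boolean renders(Configuration cfg, String source) throws IOException {
        Template t = new Template("probe", new StringReader(source), cfg);
        try {
            t.process(Collections.emptyMap(), new StringWriter());
            return true;
        } catch (TemplateException e) {
            return false; // the resolver rejected the class named in ?new
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed probe: it only instantiates the class and never calls it.
        String probe = "<#assign x = 'freemarker.template.utility.Execute'?new()>";
        System.out.println("SAFER_RESOLVER: " + renders(makeConfiguration("SAFER_RESOLVER"), probe));
        System.out.println("ALLOWS_NOTHING_RESOLVER: " + renders(makeConfiguration("ALLOWS_NOTHING_RESOLVER"), probe));
        System.out.println("unknown value: " + renders(makeConfiguration("typo"), probe));
        System.out.println("plain template: " + renders(makeConfiguration(null), "${1 + 1}"));
    }
}
```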

Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a TemplateClassResolver in Freemarker configuration in order to limit which TemplateModels can be instantiated in the templates. The predefined resolver SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java

Conflicts handled by hand

Fixed: Issue with opening a page via bookmark when the user is logged out (OFBIZ-10539)

Thanks: Ritesh Kumar for report and the patch and Girish for the review.

Improved: Improve ObjectInputStream class

(OFBIZ-10837)

While working on OFBIZ-11633 I crossed an issue in R18 (not in trunk) where objects from org.apache.commons.fileupload (namely DiskFileItem and FileItemHeadersImpl) are not serializable.

While at it I decided to handle at the SafeObjectInputStream level the "fileItems" case I already crossed with, OFBIZ-11534, in RequestHandler

It has an inconvenient in R18 (not in trunk) where ObjectInputStream can't handle a null class (of course) and so returns a benign exception in log (only).

I believe it's better to handle these specific cases at the lowest possible level in all supported branches.

  1. … 1 more file in changeset.
Improved: Increase the size of http.upload.max.sizethreshold

(OFBIZ-11598)

That's rather refactoring to avoid to have the size hardcoded in several places

Next: ask if it's OK for everyone to increase the size

  1. … 2 more files in changeset.
Documented: Framework, migration all docbook files to asciidoc (OFBIZ-11587)

- common-sending-email: include in email
- datafile: move as a include at the end of entity-engine section
- entity-engine: list of link to OFBiz wiki about entity configuration
- service-engine: a link to OFBiz wiki Service Engine Guide
- webtools: help for main screen
- mini-lang: include a link to OFBiz wiki mini-lang-reference at the beginning of minilang-to-groovy-manual
  move minilang-to-groovy-manual to Development environment section
- unit-test: include as Junit test, and use README to list gradle command available (so add a tag in README.adoc)
- base: add a link to OFBiz wiki Configuration Guide, in deployment section
- SingleSignOn with LDAP: move to plugin LDAP and include in deployment section

developer-manual is updated with some include lines or with directly a sentence.

    • -0
    • +28
    ./src/docs/asciidoc/_include/email-sending.adoc
  1. … 9 more files in changeset.