Improved: Replace explicit type argument with diamond operator (OFBIZ-11828)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

  1. … 19 more files in changeset.
Improved: Replace anonymous types with lambda expressions (OFBIZ-11833)

  1. … 5 more files in changeset.
Improved: Replace try-finally with try with resources (OFBIZ-11826)

Set checkstyleMain.maxErrors to 26678 (-4)

Thanks: Jacques for the review.

  1. … 2 more files in changeset.
Improved: Replace single method call lambda with method reference (OFBIZ-11835)

Thanks: Jacques for the review.

  1. … 4 more files in changeset.
Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)

This was reported by SpotBugs in Eclipse to prevent a possible NPE.

It seems to me that it's more complex than that because of the PolicyFactory::sanitize methods signatures where @Nullable annotation is used. So the SpotBugs warning remains, anyway can't hurt.

BTW found 92 issues reported by SpotBugs in Eclipse, among them 33 are "scary"

I had to add 1 to tasks.checkstyleMain.maxErrors because of https://github.com/apache/ofbiz-framework/pull/203 that I pulled after the push was rejected by the pre-push local Git hook

  1. … 1 more file in changeset.
Fixed: Double encoded urls are not being decoded (OFBIZ-11822)

This was broken by OFBIZ-10275

Thanks: Alex Bodnaru

Fixed: Double encoded urls are not being decoded (OFBIZ-11822)

This was broken by OFBIZ-10275

Thanks: Alex Bodnaru

Fixed: Double encoded urls are not being decoded (OFBIZ-11822)

This was broken by OFBIZ-10275

Thanks: Alex Bodnaru

Improved: Enforce noninstantiability to GroovyUtil Class. (#180)

(OFBIZ-11778)

Made class as final, moved default constructor and renamed private data members as per naming convention best practices.

Improved: Made MODULE as private data member of class instead of public in all framework components. (OFBIZ-11739) This will reduce checkstyle issues. Thanks Jacques for review.

  1. … 386 more files in changeset.
Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714)

In OFBIZ-10539, we missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and attaching a patch for the same.

Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714)

In OFBIZ-10539, we missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and attaching a patch for the same.

Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714)

In OFBIZ-10539, we missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and attaching a patch for the same.

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Better style with line not too long

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Better style with line not too long

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

This commit does 2 things:

Send a correct commit comment (kind of amendment, w/o push force)

Previous code compiled but SAFER_RESOLVER is not a class but a field, better KISS

Real change:

Better style with line not too long:

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Fixes a typo: module instead of MODULE

Improved: Implemented: Documented: Completed: Reverted: Fixed:

(OFBIZ-)

Explanation

Thanks:

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Previous code compiled but SAFER_RESOLVER is not a class but a field, better KISS

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Previous code compiled but the class was not found, better KISS

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Fixes all the conflicts previously handled by hand (no merge was possible)

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

Conflicts all handled by hand (no merge possible)

  1. … 1 more file in changeset.
Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

Conflicts handled by hand

framework/security/config/security.properties

  1. … 1 more file in changeset.
Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in FreeMarkerWorker::makeConfiguration by default

  1. … 1 more file in changeset.
Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a TemplateClassResolver in Freemarker configuration in order to limit which TemplateModels can be instantiated in the templates. The predefined resolver SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java
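
The resolver setting described in the commit message above can be checked with a small regression test. This is an added example, not OFBiz code and not part of the commit: the class name ResolverCheck and the probe template are constructed for illustration, and it assumes FreeMarker 2.3.23 or later on the classpath. The probe only instantiates the class through ?new and never calls it; the program reports, for each predefined resolver, whether that instantiation is allowed.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical class name; added example, not part of OFBiz.
public class ResolverCheck {
    // Constructed probe: instantiates the class via ?new and does nothing with it.
    static final String PROBE =
            "<#assign x = \"freemarker.template.utility.Execute\"?new()>instantiated";

    /** Returns true when the given resolver lets a template instantiate Execute. */
    static boolean allowsExecute(TemplateClassResolver resolver) throws IOException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
        cfg.setLogTemplateExceptions(false);      // keep the expected refusal out of the logs
        cfg.setNewBuiltinClassResolver(resolver); // the setting the commit adds
        Template t = new Template("probe", new StringReader(PROBE), cfg);
        try {
            t.process(Collections.emptyMap(), new StringWriter());
            return true;
        } catch (TemplateException e) {
            return false; // ?new was refused by the resolver
        }
    }

    public static void main(String[] args) throws IOException {
        Map<String, TemplateClassResolver> resolvers = new LinkedHashMap<>();
        resolvers.put("UNRESTRICTED_RESOLVER", TemplateClassResolver.UNRESTRICTED_RESOLVER);
        resolvers.put("SAFER_RESOLVER", TemplateClassResolver.SAFER_RESOLVER);
        resolvers.put("ALLOWS_NOTHING_RESOLVER", TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        for (Map.Entry<String, TemplateClassResolver> e : resolvers.entrySet()) {
            System.out.printf("%-24s Execute via ?new: %s%n", e.getKey(),
                    allowsExecute(e.getValue()) ? "ALLOWED" : "blocked");
        }
    }
}
```

A check like this belongs in the test suite of any application that renders templates from a configurable resolver, so that a later configuration change cannot silently reopen the class instantiation path.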

Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a TemplateClassResolver in Freemarker configuration in order to limit which TemplateModels can be instantiated in the templates. The predefined resolver SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java

Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a TemplateClassResolver in Freemarker configuration in order to limit which TemplateModels can be instantiated in the templates. The predefined resolver SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java

Conflicts handled by hand

Fixed: Issue with opening a page via bookmark when the user is logged out (OFBIZ-10539)

Thanks: Ritesh Kumar for report and the patch and Girish for the review.

Fixed: Issue with opening a page via bookmark when the user is logged out (OFBIZ-10539)

Thanks: Ritesh Kumar for report and the patch and Girish for the review.

Fixed: Issue with opening a page via bookmark when the user is logged out (OFBIZ-10539)

Thanks: Ritesh Kumar for report and the patch and Girish for the review.