common-theme

Improved: Move page-specific script links to html template (OFBIZ-11799)

Moved select2 script and link tags to html template when multi-block=true.

select2 language js will be auto added by MultiBlockHtmlTemplateUtil#addLinksToLayoutSettings

Tested on

https://localhost:8443/example/control/FormWidgetExamples

https://localhost:8443/ordermgr/control/FindRequest

  1. … 1 more file in changeset.
Improved: Add missing map for minified OpenLayers js and css (OFBIZ-11883)

Finally removes ol.js.map and references to it because it does not help due to

concatenations of multiple files in the multi mb source distribution.

Thanks: Alex Bodnaru for inquiry

Improved: Add missing map for minified OpenLayers js and css (OFBIZ-11883)

Downloaded from

https://github.com/openlayers/openlayers/releases/download/v5.3.0/v5.3.0-dist.zip

Thanks: Alex Bodnaru

    • -0
    • +1
    ./webapp/common/js/plugins/ol.js.map
Improved: Adds missing jGrowl map file (OFBIZ-11892)

Picked from

https://cdnjs.cloudflare.com/ajax/libs/jquery-jgrowl/1.4.6/jquery.jgrowl.map

Thanks to Alex Bodnaru

    • -0
    • +1
    ./webapp/common/js/jquery/plugins/jquery-jgrowl/jquery.jgrowl.map
Improved: Adds missing jGrowl map file (OFBIZ-11892)

Picked from

https://cdnjs.cloudflare.com/ajax/libs/jquery-jgrowl/1.4.6/jquery.jgrowl.map

Thanks to Alex Bodnaru

    • -0
    • +1
    ./webapp/common/js/jquery/plugins/jquery-jgrowl/jquery.jgrowl.map
Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-11752)

* Fixed: Check embedded Javascript libs vulnerabilities using retire.js

(OFBIZ-11752)

Upgraded jQuery to 3.5.2 and jQuery migrate to 3.3.0 to vulnerabilities of medium severity

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

* Fixed: console error TypeError: document is undefined

(OFBIZ-11752)

As the document object was not passed to the IIFE call for the FORMALIZE function, it gives console error for the missing document object when accessed

    • -10598
    • +0
    ./webapp/common/js/jquery/jquery-3.4.1.js
    • -2
    • +0
    ./webapp/common/js/jquery/jquery-3.4.1.min.js
    • -0
    • +10872
    ./webapp/common/js/jquery/jquery-3.5.1.js
    • -0
    • +2
    ./webapp/common/js/jquery/jquery-3.5.1.min.js
    • -0
    • +838
    ./webapp/common/js/jquery/jquery-migrate-3.3.0.js
    • -0
    • +2
    ./webapp/common/js/jquery/jquery-migrate-3.3.0.min.js
    • -1
    • +1
    ./webapp/common/js/util/application.js
Fixed: console error TypeError: document is undefined (OFBIZ-11752)

As the document object was not passed to the IIFE call for the FORMALIZE function, it gives console error for the missing document object when accessed

    • -1
    • +1
    ./webapp/common/js/util/application.js
Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-11752)

Upgraded jQuery to 3.5.2 and jQuery migrate to 3.3.0 to vulnerabilities of medium severity

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

    • -10598
    • +0
    ./webapp/common/js/jquery/jquery-3.4.1.js
    • -2
    • +0
    ./webapp/common/js/jquery/jquery-3.4.1.min.js
    • -0
    • +10872
    ./webapp/common/js/jquery/jquery-3.5.1.js
    • -0
    • +2
    ./webapp/common/js/jquery/jquery-3.5.1.min.js
    • -0
    • +838
    ./webapp/common/js/jquery/jquery-migrate-3.3.0.js
    • -0
    • +2
    ./webapp/common/js/jquery/jquery-migrate-3.3.0.min.js
Improved: Headerize external script in multi-block html template (OFBIZ-11741)

Allow external scripts within the multi-block html template, to be rendered

within the html head tag, when a new attribute data-import is set to “head”

Thanks: Jacques for review

  1. … 19 more files in changeset.
Improved: Apply multi-block attr to each application (OFBIZ-11706)

1. Fix missing Boundary Comment at beginning

2. Apply multi-block attr

  1. … 1 more file in changeset.
Improved: Apply multi-block attr to each application (OFBIZ-11706)

1. Fix missing Boundary Comment at beginning

2. Apply multi-block attr

  1. … 1 more file in changeset.
Fixed: showjGrowl called twice (OFBIZ-11720)

showjGrowl function is called twice,

even when there is no message to show.

    • -26
    • +16
    ./template/includes/Messages.ftl
Fixed: showjGrowl called twice (OFBIZ-11720)

showjGrowl function is called twice,

even when there is no message to show.

    • -26
    • +16
    ./template/includes/Messages.ftl
Improved: Apply multi-block attr to each application (OFBIZ-11706)

Revert regression for showHelp.

Improved: Apply multi-block attr to each application (OFBIZ-11706)

Revert regression for showHelp.

Fixed: Entering manually date in date-time field become unworkable (OFBIZ-10432)

Thanks, Olivier for the report.

    • -3
    • +3
    ./template/macro/HtmlFormMacroLibrary.ftl
Fixed: Entering manually date in date-time field become unworkable (OFBIZ-10432)

Thanks, Olivier for the report.

    • -3
    • +3
    ./template/macro/HtmlFormMacroLibrary.ftl
Improved: Expansion of form widget field disabled attribute with xsd improvement (#141)

(OFBIZ-10432)

1. Added disabled attribute support in ModelFormField with xs:boolean type

2. Removed specific field level disabled attribute support for CheckField and TextField

3. Modified existing usage of disabled attribute as per new implementation.

Thanks: Rishi for the report and Taher, Gil and Jacques for the feedback

    • -4
    • +4
    ./template/macro/CsvFormMacroLibrary.ftl
    • -4
    • +4
    ./template/macro/FoFormMacroLibrary.ftl
    • -6
    • +8
    ./template/macro/HtmlFormMacroLibrary.ftl
    • -4
    • +4
    ./template/macro/TextFormMacroLibrary.ftl
    • -4
    • +4
    ./template/macro/XlsFormMacroLibrary.ftl
    • -4
    • +4
    ./template/macro/XmlFormMacroLibrary.ftl
  1. … 7 more files in changeset.
Improved: Apply multi-block attr to each application (OFBIZ-11706)

Fix regression

Improved: Apply multi-block attr to each application (OFBIZ-11706)

For Webtools, Themes.

  1. … 4 more files in changeset.
Revert "Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk"

This reverts commit 0add8bedbca231ffd839eb733f1041ce5487e9d6.

    • -1
    • +1
    ./template/macro/CsvFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/FoFormMacroLibrary.ftl
    • -7
    • +1
    ./template/macro/HtmlFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/TextFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/XlsFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/XmlFormMacroLibrary.ftl
    • -11
    • +1
    ./webapp/common/js/util/OfbizUtil.js
  1. … 30 more files in changeset.
Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because of GitHub message on PR56: This branch cannot be rebased due to conflicts

Conflicts handled by hand

RequestHandler.java

    • -1
    • +1
    ./template/macro/CsvFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/FoFormMacroLibrary.ftl
    • -1
    • +7
    ./template/macro/HtmlFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/TextFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/XlsFormMacroLibrary.ftl
    • -1
    • +1
    ./template/macro/XmlFormMacroLibrary.ftl
    • -1
    • +11
    ./webapp/common/js/util/OfbizUtil.js
  1. … 30 more files in changeset.
Improved: Decodes AjaxAutocompleteOptions return value

(OFBIZ-11475)

Improved: Decodes AjaxAutocompleteOptions return value

(OFBIZ-11475)

Improved: no functional change

Adds "Content-Security-Policy" frame-ancestors="self" in ErrorPage.ftl

Because this page is used as a HTTP 500 error it's more susceptible to

clickjacking

Quoting OWASP ZAP:

This problem still applies to error-type pages (401, 403, 500, etc.), as these

pages are still often affected by injection problems, in which case it is still

possible that browsers may interpret pages differently from their actual content

type.

I tried to work on other file types that were also reported but it's complicated

and I believe it's not worth it

Improved: no functional change

Adds "Content-Security-Policy" frame-ancestors="self" in ErrorPage.ftl

Because this page is used as a HTTP 500 error it's more susceptible to

clickjacking

Quoting OWASP ZAP:

This problem still applies to error-type pages (401, 403, 500, etc.), as these

pages are still often affected by injection problems, in which case it is still

possible that browsers may interpret pages differently from their actual content

type.

I tried to work on other file types that were also reported but it's complicated

and I believe it's not worth it

Improved: no functional change

Adds "Content-Security-Policy" frame-ancestors="self" in ErrorPage.ftl

Because this page is used as a HTTP 500 error it's more susceptible to

clickjacking

Quoting OWASP ZAP:

This problem still applies to error-type pages (401, 403, 500, etc.), as these

pages are still often affected by injection problems, in which case it is still

possible that browsers may interpret pages differently from their actual content

type.

I tried to work on other file types that were also reported but it's complicated

and I believe it's not worth it

Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

    • -0
    • +199
    ./webapp/common/js/util/application.js
  1. … 3 more files in changeset.
Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

    • -0
    • +199
    ./webapp/common/js/util/application.js
  1. … 3 more files in changeset.
Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

    • -0
    • +199
    ./webapp/common/js/util/application.js
  1. … 3 more files in changeset.