Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-11752)

* Fixed: Check embedded Javascript libs vulnerabilities using retire.js

(OFBIZ-11752)

Upgraded jQuery to 3.5.2 and jQuery migrate to 3.3.0 to vulnerabilities of medium severity

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

* Fixed: console error TypeError: document is undefined

(OFBIZ-11752)

As the document object was not passed to the IIFE call for the FORMALIZE function, it gives a console error for the missing document object when accessed

    • -10598
    • +0
    ./js/jquery/jquery-3.4.1.js
    • -0
    • +10872
    ./js/jquery/jquery-3.5.1.js
    • -0
    • +2
    ./js/jquery/jquery-3.5.1.min.js
    • -540
    • +0
    ./js/jquery/jquery-migrate-3.0.0.js
    • -2
    • +0
    ./js/jquery/jquery-migrate-3.0.0.min.js
    • -0
    • +838
    ./js/jquery/jquery-migrate-3.3.0.js
    • -0
    • +2
    ./js/jquery/jquery-migrate-3.3.0.min.js
  1. … 2 more files in changeset.
Fixed: console error TypeError: document is undefined (OFBIZ-11752)

As the document object was not passed to the IIFE call for the FORMALIZE function, it gives a console error for the missing document object when accessed

Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-11752)

Upgraded jQuery to 3.5.2 and jQuery migrate to 3.3.0 to vulnerabilities of medium severity

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

    • -10598
    • +0
    ./js/jquery/jquery-3.4.1.js
    • -0
    • +10872
    ./js/jquery/jquery-3.5.1.js
    • -0
    • +2
    ./js/jquery/jquery-3.5.1.min.js
    • -540
    • +0
    ./js/jquery/jquery-migrate-3.0.0.js
    • -2
    • +0
    ./js/jquery/jquery-migrate-3.0.0.min.js
    • -0
    • +838
    ./js/jquery/jquery-migrate-3.3.0.js
    • -0
    • +2
    ./js/jquery/jquery-migrate-3.3.0.min.js
  1. … 2 more files in changeset.
Revert "Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk"

This reverts commit 0add8bedbca231ffd839eb733f1041ce5487e9d6.

  1. … 37 more files in changeset.
Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk

Because of GitHub message on PR56: This branch cannot be rebased due to conflicts

Conflicts handled by hand

RequestHandler.java

  1. … 37 more files in changeset.
Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

    • -0
    • +199
    ./js/util/application.js
  1. … 4 more files in changeset.
Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

    • -0
    • +199
    ./js/util/application.js
  1. … 4 more files in changeset.
Fixed: CommonTheme has a dependency on Flatgrey application.js

(OFBIZ-11466)

In theme.xml of common-theme there is a reference to application.js residing in

the Flatgrey theme. This should not be. The file should be in common-theme.

Thanks: Pierre Smits for report and fix. I have just also removed

rainbowstone/js/application.js since it's now in common-theme

  1. … 4 more files in changeset.
Improved: Implemented: Documented: Completed: Reverted: Fixed: Improved: no functional change (OFBIZ-) Explanation Thanks:

  1. … 40 more files in changeset.
Creates new POC-for-CSRF-Token-OFBIZ-11306 branch

To share with James and others and later when OK to create a PR

  1. … 40 more files in changeset.
Fixed: setUserTimeZone should run only once based on error (OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in

OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a RequestHandlerException:

Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.

Also not only when starting.

Thanks: James Yong for review

  1. … 1 more file in changeset.
Fixed: setUserTimeZone should run only once based on error (OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in

OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a RequestHandlerException:

Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.

Also not only when starting.

Thanks: James Yong for review

  1. … 1 more file in changeset.
Improved: Equivalent of svn:auto-props properties on the server (OFBIZ-OFBIZ-11279)

This is needed as explained at https://s.apache.org/i86ht

    • -1181
    • +1181
    ./js/plugins/date/timezones/africa
    • -413
    • +413
    ./js/plugins/date/timezones/antarctica
    • -2717
    • +2717
    ./js/plugins/date/timezones/asia
    • -1719
    • +1719
    ./js/plugins/date/timezones/australasia
    • -117
    • +117
    ./js/plugins/date/timezones/backward
    • -81
    • +81
    ./js/plugins/date/timezones/etcetera
    • -2856
    • +2856
    ./js/plugins/date/timezones/europe
    • -10
    • +10
    ./js/plugins/date/timezones/factory
    • -276
    • +276
    ./js/plugins/date/timezones/iso3166.tab
    • -100
    • +100
    ./js/plugins/date/timezones/leapseconds
    • -326
    • +326
    ./js/plugins/date/timezones/min/africa
    • -112
    • +112
    ./js/plugins/date/timezones/min/antarctica
    • -725
    • +725
    ./js/plugins/date/timezones/min/asia
    • -110
    • +110
    ./js/plugins/date/timezones/min/backward
  1. … 23 more files in changeset.
Saving files before refreshing line endings

    • -9
    • +9
    ./js/jquery/plugins/datejs/date-af-ZA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-AE.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-BH.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-DZ.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-EG.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-IQ.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-JO.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-KW.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-LB.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-LY.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-MA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-OM.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-QA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-SA.js
  1. … 152 more files in changeset.
Improved: Equivalent of svn:auto-props properties on the server (OFBIZ-OFBIZ-11279)

As explained at https://s.apache.org/i86ht

This is needed after b424d2683e0679aeb4d49d3a28a2a682eed50b48

    • -9
    • +9
    ./js/jquery/plugins/datejs/date-af-ZA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-AE.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-BH.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-DZ.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-EG.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-IQ.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-JO.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-KW.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-LB.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-LY.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-MA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-OM.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-QA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ar-SA.js
  1. … 163 more files in changeset.
Saving files before refreshing line endings

    • -9
    • +9
    ./js/jquery/plugins/datejs/date-sv-SE.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-sw-KE.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-syr-SY.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ta-IN.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-te-IN.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-th-TH.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-tn-ZA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-tr-TR.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-tt-RU.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-uk-UA.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-ur-PK.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-vi-VN.js
    • -9
    • +9
    ./js/jquery/plugins/datejs/date-xh-ZA.js
  1. … 13 more files in changeset.
Reverted: "Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)"

This reverts commit 3075027df7c82bcb381810d9d438150ef696254f.

  1. … 24 more files in changeset.
Reverted: "Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)"

This reverts commit a93b1fcb7859a754ba84b810c4736e7ef6778689.

  1. … 24 more files in changeset.
Revert "Improved: Update “web.xml” files version 3.0 → 4.0 (OFBIZ-6993)"

This reverts commit 226e901981b68941bbcf3e1025d2208061d28db6.

  1. … 24 more files in changeset.
Improved: Update “web.xml” files version 3.0 → 4.0 (OFBIZ-6993)

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)

these declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
Fixed: add XML declaration in “web.xml” files (OFBIZ-6993)

these declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

  1. … 24 more files in changeset.
"Applied fix from trunk for revision: 1868615"

------------------------------------------------------------------------

r1868615 | jleroux | 2019-10-19 10:12:07 +0200 (sam. 19 oct. 2019) | 6 lignes

Fixed: Fix multi modal opening

(OFBIZ-11211)

Simplifies a little bit the current code.

Thanks: Leila for patch and Carl for confirmation

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/branches/release18.12@1868616 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Fix multi modal opening (OFBIZ-11211)

Simplifies a little bit the current code.

Thanks: Leila for patch and Carl for confirmation

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1868615 13f79535-47bb-0310-9956-ffa450edef68

"Applied fix from trunk for revision: 1867577"

------------------------------------------------------------------------

r1867577 | jleroux | 2019-09-26 16:41:50 +0200 (jeu. 26 sept. 2019) | 8 lignes

Fixed: Fix multi modal opening

(OFBIZ-11211)

The issue is that when closing the modal the div inside html dom is not removed.

Then opening a second time creates another identical div. Since a lookup is based

on a unique id, this id is no longer unique...

Thanks: Carl Demus

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/branches/release18.12@1867578 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Fix multi modal opening (OFBIZ-11211)

The issue is that when closing the modal the div inside html dom is not removed.

Then opening a second time creates another identical div. Since a lookup is based

on a unique id, this id is no longer unique...

Thanks: Carl Demus

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1867577 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Send upload form with even-update-area doesn't work (OFBIZ-11207)

When you create an XML form with upload as type, you can't use the on-event-update-area element to submit it by ajax. Otherwise, OFBiz returns an error message on 'uploadFile is empty'. To solve it, we analyze the form's enctype before submitting it, to move to FormData instead of a direct serialize [1]

example form where the problem has been present

****

<form name='AddNicelyFile' type='upload' target='CreateNicelyFile'>

<field name='uploadedFile' title='File'><file/></field>

<field name='addButton'><submit/></field>

<on-event-update-area event-type='submit' area-id='window' area-target='FileDisplaying'/>

</form>

****

Thanks to Samuel Tregouet for this fix

[1] https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/branches/release18.12@1867437 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Send upload form with even-update-area doesn't work (OFBIZ-11207)

When you create an XML form with upload as type, you can't use the on-event-update-area element to submit it by ajax. Otherwise, OFBiz returns an error message on 'uploadFile is empty'. To solve it, we analyze the form's enctype before submitting it, to move to FormData instead of a direct serialize [1]

example form where the problem has been present

****

<form name='AddNicelyFile' type='upload' target='CreateNicelyFile'>

<field name='uploadedFile' title='File'><file/></field>

<field name='addButton'><submit/></field>

<on-event-update-area event-type='submit' area-id='window' area-target='FileDisplaying'/>

</form>

****

Thanks to Samuel Tregouet for this fix

[1] https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1867435 13f79535-47bb-0310-9956-ffa450edef68