ofbiz-plugins

Clone Tools
  • last updated 15 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: no functional change This file inadvertently slipped in with a previous commit, it's not needed.

Improved: no functional change This file inadvertently slipped in with a previous commit, it's not needed.

Fixed: The "stream" request-map in ecommerce and commonext controllers requires authentication (OFBIZ-11349)

Thanks: Michael for reporting a possible issue when only commenting the "stream"

request-map in commonext controller. And Jacopo to suggest to require

authentication (after suggesting to comment out)

It should be also noted that when the CSRF defense implementation will be in

place, all XSS vulnerabilities w/o authentication will not longer be possible.

Because then all requests shall contains a CSRF token.

Fixed: The "stream" request-map in ecommerce and commonext controllers requires authentication (OFBIZ-11349)

Thanks: Michael for reporting a possible issue when only commenting the "stream"

request-map in commonext controller. And Jacopo to suggest to require

authentication (after suggesting to comment out)

It should be also noted that when the CSRF defense implementation will be in

place, all XSS vulnerabilities w/o authentication will not longer be possible.

Because then all requests shall contains a CSRF token.

Fixed: The "stream" request-map in ecommerce and commonext controllers requires authentication (OFBIZ-11349)

Thanks: Michael for reporting a possible issue when only commenting the "stream"

request-map in commonext controller. And Jacopo to suggest to require

authentication (after suggesting to comment out)

It should be also noted that when the CSRF defense implementation will be in

place, all XSS vulnerabilities w/o authentication will not longer be possible.

Because then all requests shall contains a CSRF token.

Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

No functional change, simply amend the comment

Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

No functional change, simply amend the comment

Improved: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

No functional change, simply amend the comment

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

A vulnerability has been reported to the OFBiz security team. We were able to

quickly and quietly fix it in supported versions, but in the ecommerce component.

To be able to release the 17.12.01 version with this vulnerability fixed we need

to temporarily comment out the "stream" request-map in ecommerce controller.

We will later fix the specific issue in ecommerce to put back the functionnalities

allowed by the "stream" request-map in ecommerce controller.

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

A vulnerability has been reported to the OFBiz security team. We were able to

quickly and quietly fix it in supported versions, but in the ecommerce component.

To be able to release the 17.12.01 version with this vulnerability fixed we need

to temporarily comment out the "stream" request-map in ecommerce controller.

We will later fix the specific issue in ecommerce to put back the functionnalities

allowed by the "stream" request-map in ecommerce controller.

Fixed: Temporarily comment out the "stream" request-map in ecommerce controller for security reason (OFBIZ-11348)

A vulnerability has been reported to the OFBiz security team. We were able to

quickly and quietly fix it in supported versions, but in the ecommerce component.

To be able to release the 17.12.01 version with this vulnerability fixed we need

to temporarily comment out the "stream" request-map in ecommerce controller.

We will later fix the specific issue in ecommerce to put back the functionnalities

allowed by the "stream" request-map in ecommerce controller.

Improved: no functional change

This was added for OFBIZ-9198 but was superfluous since the same is already in

the included ecommerce controller

    • -0
    • +41
    /birt/src/docs/asciidoc/images/OFBiz-Logo.svg
Improved: no functional change

This was added for OFBIZ-9198 but was superfluous since the same is already in

the included ecommerce controller

    • -0
    • +41
    /birt/src/docs/asciidoc/images/OFBiz-Logo.svg
Improved: no functional change

This was added for OFBIZ-9198 but was superfluous since the same is already in

the included ecommerce controller

    • -0
    • +41
    /birt/src/docs/asciidoc/images/OFBiz-Logo.svg
Merge pull request #5 from adityasharma7/OFBIZ-11333

Implemented: Cookie Consent In E-Commerce

Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) Implemented internationalisation by initialising the plugin in header.ftl and using uiLabels for title, message and labels. Thanks Michael Brohl for your inputs

    • -0
    • +15
    /ecommerce/config/EcommerceUiLabels.xml
    • -0
    • +15
    /ecommerce/template/includes/Header.ftl
Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) Implemented internationalisation by initialising the plugin in header.ftl and using uiLabels for title, message and labels. Thanks Michael Brohl for your inputs

    • -0
    • +15
    /ecommerce/config/EcommerceUiLabels.xml
    • -0
    • +15
    /ecommerce/template/includes/Header.ftl
Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) Implemented internationalisation by initialising the plugin in header.ftl and using uiLabels for title, message and labels. Thanks Michael Brohl for your inputs

    • -0
    • +15
    /ecommerce/config/EcommerceUiLabels.xml
    • -0
    • +15
    /ecommerce/template/includes/Header.ftl
Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on their computer, smartphone or tablet. It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.

The EU Cookie Legislation began as a directive from the European Union. Some variation on the policy has since been adopted by all countries within the EU.

The EU Cookie Legislation requires 4 actions from website owners who use cookies:

1. When someone visits your website, you need to let them know that your site uses cookies.

2. You need to provide detailed information regarding how that cookie data will be utilized.

3. You need to provide visitors with some means of accepting or refusing the use of cookies in your site.

4. If they refuse, you need to ensure that cookies will not be placed on their machine.

Used bsgdprcookies plugin to implement the feature. Thanks Deepak Nigam for initiating and providing initial patch. Thanks Deepak Nigam, Pierre Smits, Michael Brohl, Jacques Le Roux and Swapnil M Mane for inputs.

    • -0
    • +20
    /ecommerce/data/DemoWebSitePublishPointData.xml
    • -0
    • +1
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/.gitignore
    • -0
    • +21
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/LICENSE
    • -0
    • +139
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/README.MD
    • -0
    • +12
    /ecommerce/widget/CommonScreens.xml
Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on their computer, smartphone or tablet. It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.

The EU Cookie Legislation began as a directive from the European Union. Some variation on the policy has since been adopted by all countries within the EU.

The EU Cookie Legislation requires 4 actions from website owners who use cookies:

1. When someone visits your website, you need to let them know that your site uses cookies.

2. You need to provide detailed information regarding how that cookie data will be utilized.

3. You need to provide visitors with some means of accepting or refusing the use of cookies in your site.

4. If they refuse, you need to ensure that cookies will not be placed on their machine.

Used bsgdprcookies plugin to implement the feature. Thanks Deepak Nigam for initiating and providing initial patch. Thanks Deepak Nigam, Pierre Smits, Michael Brohl, Jacques Le Roux and Swapnil M Mane for inputs.

    • -0
    • +20
    /ecommerce/data/DemoWebSitePublishPointData.xml
    • -0
    • +1
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/.gitignore
    • -0
    • +21
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/LICENSE
    • -0
    • +139
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/README.MD
    • -0
    • +12
    /ecommerce/widget/CommonScreens.xml
Implemented: Cookie Consent In E-Commerce (OFBIZ-11333) The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on their computer, smartphone or tablet. It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.

The EU Cookie Legislation began as a directive from the European Union. Some variation on the policy has since been adopted by all countries within the EU.

The EU Cookie Legislation requires 4 actions from website owners who use cookies:

1. When someone visits your website, you need to let them know that your site uses cookies.

2. You need to provide detailed information regarding how that cookie data will be utilized.

3. You need to provide visitors with some means of accepting or refusing the use of cookies in your site.

4. If they refuse, you need to ensure that cookies will not be placed on their machine.

Used bsgdprcookies plugin to implement the feature. Thanks Deepak Nigam for initiating and providing initial patch. Thanks Deepak Nigam, Pierre Smits, Michael Brohl, Jacques Le Roux and Swapnil M Mane for inputs.

    • -0
    • +20
    /ecommerce/data/DemoWebSitePublishPointData.xml
    • -0
    • +1
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/.gitignore
    • -0
    • +21
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/LICENSE
    • -0
    • +139
    /ecommerce/webapp/ecommerce/js/bsgdprcookies/README.MD
    • -0
    • +12
    /ecommerce/widget/CommonScreens.xml
Improved: no functional change Added .gitignore file

Improved: no functional change Added .gitignore file

Improved: no functional change Added .gitignore file

Fixed: Error when initialize billFromParty from groovy context in loadSalesOrderItemFact service

After the conversion from bsh to groovy, the script that resolve

billFromParty need to propage the value on context Map to be available

on minilang context

Fixed: Error when initialize billFromParty from groovy context in loadSalesOrderItemFact service

After the conversion from bsh to groovy, the script that resolve

billFromParty need to propage the value on context Map to be available

on minilang context

Fixed: Error when initialize billFromParty from groovy context in loadSalesOrderItemFact service

After the conversion from bsh to groovy, the script that resolve

billFromParty need to propage the value on context Map to be available

on minilang context

Fixed: service 'loadSalesOrderItemFact' has hard coded currencyUomId (OFBIZ-11033)

Used PartyAccountingPreference.baseCurrencyUomId instead of hard coded USD.

Thanks: Pierre Smits for your contribution.

Fixed: service 'loadSalesOrderItemFact' has hard coded currencyUomId (OFBIZ-11033)

Used PartyAccountingPreference.baseCurrencyUomId instead of hard coded USD.

Thanks: Pierre Smits for your contribution.

Fixed: service 'loadSalesOrderItemFact' has hard coded currencyUomId (OFBIZ-11033)

Used PartyAccountingPreference.baseCurrencyUomId instead of hard coded USD.

Thanks: Pierre Smits for your contribution.