lucene

Improved: Removed unused imports from Java files for fixing checkstyle errors

(OFBIZ-11930)

Thanks: Priya Sharma

  1. … 2 more files in changeset.
Improved: Remove unused imports from Java files (OFBIZ-11930) (#36)

Improved: Remove unused imports from Java files

(OFBIZ-11930)

Thanks: Priya Sharma

  1. … 10 more files in changeset.
Improved: Corrected some line is longer than 150 characters checkstyle issues. Also fixed some extra spaces and naming conventions related checkstyle issues. (OFBIZ-11921)

  1. … 45 more files in changeset.
Improved: Corrected all incorrect indentation level issues in plugins component, also fixed some case indentation checkstyle issues. (OFBIZ-11922)

  1. … 14 more files in changeset.
Improved: Updated case indentation to 0 for all switch statements in plugins component. Also done formatting changes as per checkstyle best practices. (OFBIZ-11904)

  1. … 17 more files in changeset.
Improved: Update build.gradle to the latest dependencies (OFBIZ-11903)

See https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check for libs not upgraded.

  1. … 3 more files in changeset.
Improved: Corrected some single line statements to fix checkstyle issues, also removed some remaining extra spaces from code to avoid checkstyle errors in plugins component. (OFBIZ-11886)

  1. … 36 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp reference, no longer used

  1. … 21 more files in changeset.
Improved: Corrected all checkstyle formatting issues: 'typecast' is not followed by whitespace in plugins component. (OFBIZ-11887)

  1. … 23 more files in changeset.
Improved: Corrected all checkstyle formatting issues: Line has trailing spaces in plugins component. (OFBIZ-11880) Thanks Jacques for review.

  1. … 60 more files in changeset.
Improved: Corrected checkstyle formatting issues, 'is preceded/not preceded with whitespace' for plugins component. (OFBIZ-11874) This fixes following checkstyle issues: '{' is not preceded with whitespace.

'{' is not followed by whitespace.

'}' is not followed by whitespace.

'}' is not preceded with whitespace.

'typecast' is not followed by whitespace.

'try' is not followed by whitespace.

';' is preceded with whitespace.

  1. … 30 more files in changeset.
Improved: Corrected all checkstyle issues related to succeeding space for comma in plugins directory. (OFBIZ-11805) Thanks Jacques and Ritesh Kumar for review.

  1. … 13 more files in changeset.
Improved: Replace explicit type argument with diamond operator (OFBIZ-11828)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

  1. … 13 more files in changeset.
Improved: Merge identical catch blocks in single catch block (OFBIZ-11827)

In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.

Thanks: Jacques for the review.

  1. … 19 more files in changeset.
Improved: Change resources with proper naming convention in all plugin components. (OFBIZ-11739) Also, made MODULE as private data member of class instead of public. Thanks Jacques for review.

  1. … 60 more files in changeset.
Improved: Used utility provided by OFBizTestCase class for userLogin instead of fetching from DB test cases also removed unused fetching of userLogin in some cases (OFBIZ-11618)

  1. … 1 more file in changeset.
Improved: Update build.gradle to the latest dependencies

(OFBIZ-11603)

I tried to update to Groovy 3 but got a compile issue with commons-cli.

I did not dig further.

  1. … 5 more files in changeset.
Improved: replaces module by MODULE everywhere

  1. … 67 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

(cherry picked from commit 1158664ba37264fa6b8429033bad768175ff10d5)

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Improved: Update build.gradle to the latest dependencies (OFBIZ-11151)

Like for OFBIZ-10922 some updates were not possible. Please refer to the Jira for more information

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1864973 13f79535-47bb-0310-9956-ffa450edef68

  1. … 4 more files in changeset.
Improved: Add missing ‘static’ modifier for private methods (OFBIZ-11098)

In order to make it clear when a method is not depending on the internal state of an object, it is a good practice to declare it as static.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860939 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Improved: Use the ‘@Override’ annotation (OFBIZ-10939)

The ‘@Override’ annotation helps readers understand that the method at hand is overriding a super class or implementing an interface.

Additionally it allows the compiler to check if the methods annotated with ‘@Override’ are actually implementing an abstract method.

Using that annotation makes ‘@see foo.bar.ParentClass#myMethod’ comments useless, so they have been removed for the newly annotated methods.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860028 13f79535-47bb-0310-9956-ffa450edef68

  1. … 15 more files in changeset.
Improved: Remove redundant type declarations (OFBIZ-10937)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860025 13f79535-47bb-0310-9956-ffa450edef68

  1. … 37 more files in changeset.
Improved: Missing uiLabel for Create New on CMS Content Find Screen (OFBIZ-11005)

Steps to regenerate:

Go to https://demo-trunk.ofbiz.apache.org/content/control/CMSContentFind

Find missing uiLabel for Create New, showing as CommonCreateNew.

jleroux: This is related with OFBIZ-9905, we decided to use only CommonCreate

This does that and fixes others which were missing in OFBIZ-9905

Thanks: Pawan Verma for report, Suraj for comment

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1858516 13f79535-47bb-0310-9956-ffa450edef68

  1. … 5 more files in changeset.
"Applied fix from plugins for revision: 1851068"

------------------------------------------------------------------------

r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1851073 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.