myportal

Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp references, no longer used

  1. … 21 more files in changeset.
Improved: Apply multi-block attr to each application (OFBIZ-11706)

For remaining plugin applications.

  1. … 16 more files in changeset.
Documented: ofbiz-plugins / MyPortal, remove docbook migrated to asciidoc (only a short introduction) (OFBIZ-11587)

Documented: ofbiz-plugins / MyPortal, migration for the Help docbook file to asciidoc (only a short introduction) (OFBIZ-11587)

add in _include directory, two portlet help coming from other components (commonext and workeffort)

    • -0
    • +23
    ./src/docs/asciidoc/_include/portlet-calendar.adoc
    • -0
    • +34
    ./src/docs/asciidoc/my-portal.adoc
  1. … 1 more file in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

(cherry picked from commit 1158664ba37264fa6b8429033bad768175ff10d5)

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
"Applied fix from plugins for revision: 1851068 "

------------------------------------------------------------------------

r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1851073 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
"Applied fix from plugins for revision: 1851068 "

------------------------------------------------------------------------

r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1851072 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Fixed: Add session tracking mode and make cookie secure (OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1851068 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Improved: Arranged myportal UI labels in alphabetic order. (OFBIZ-7282) Thanks Shivangi for your contribution.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1840923 13f79535-47bb-0310-9956-ffa450edef68

Improved: Use application/javascript instead of text/javascript (OFBIZ-10492)

Replace text/javascript with application/javascript in all the script tags

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1836889 13f79535-47bb-0310-9956-ffa450edef68

  1. … 105 more files in changeset.
Improved: Remove use of deprecated language attribute from script tag (OFBIZ-10491)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1836546 13f79535-47bb-0310-9956-ffa450edef68

  1. … 42 more files in changeset.
Improved: Moved plugins js from images to common/js (OFBIZ-5776)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1818601 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
No functional change

Changes the OFBiz logo file name as it has been changed in the site

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1813480 13f79535-47bb-0310-9956-ffa450edef68

  1. … 9 more files in changeset.
Improved: Manage life span of SecurityGroupPermission entity. Applied patch from jira issue (OFBIZ-9801). Thanks Suraj Khurana for your contribution

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1812384 13f79535-47bb-0310-9956-ffa450edef68

    • -52
    • +52
    ./data/MyPortalSecurityGroupDemoData.xml
    • -1
    • +1
    ./data/MyPortalSecurityPermissionSeedData.xml
  1. … 22 more files in changeset.
Improved: Proper use of if-has-permission. Apply slightly modified patch from jira issue, if if-has-permission uses _ADMIN permission to check condition, so it's good to have old pattern instead of using permission/action pattern. Thanks Suraj Khurana for your contribution (OFBIZ-9740)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1812382 13f79535-47bb-0310-9956-ffa450edef68

  1. … 8 more files in changeset.
Improved: Add session tracking mode and make cookie secure (OFBIZ-6655)

Programmatically replaces the web.xml <session-config> declarations and uses the @WebListener annotation to start the process. This avoids duplicating things everywhere in web.xml files. Since the web.xml files have precedence on annotations, the setting can be easily overridden when necessary.

Now that we also use HTTPS in ecommerce the ecommerce session cookie is also secured.

I also noted that we had 8 weird <session-timeout> declarations:

in solr component: <session-timeout>2</session-timeout>

in themes: <session-timeout>1</session-timeout>

Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode> declarations. I think it's not good.

I resolve these points by simply removing the <session-config> in web.xml files of themes and Solr.

Thanks: Pradhan Yash Sharma for review

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1811041 13f79535-47bb-0310-9956-ffa450edef68

  1. … 24 more files in changeset.
Improved: Use from-field pattern instead of value=dollar pattern in 'set' element. Apply slightly modified patch from jira issue, fixed some typo (OFBIZ-9607). Thanks Suraj Khurana and Rohit Rai for your contribution.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1806327 13f79535-47bb-0310-9956-ffa450edef68

  1. … 28 more files in changeset.
Improved: Set autocomplete to off for all the password fields. (OFBIZ-9471) Thanks Ritesh Kumar for your contribution.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1801325 13f79535-47bb-0310-9956-ffa450edef68

  1. … 12 more files in changeset.
Fixed: Fixed data load error caused by plugin dependency (OFBIZ-9243)

Added demo data in respective plugin that was causing foreign key issue while data load in ebay and myportal plugin.

Thanks Wai for reporting the issue.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1788660 13f79535-47bb-0310-9956-ffa450edef68

  1. … 1 more file in changeset.
Implemented: renamed the directory specialpurpose to plugins (OFBIZ-7972)

In another step towards completing the plugin system for OFBiz, we renamed the /specialpurpose directory to /plugins and changed all occurrences of the word "specialpurpose" to "plugins" in all files found in the system

Reference discussion: http://markmail.org/message/hpyuxkmftiyn44w2

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/plugins@1778271 13f79535-47bb-0310-9956-ffa450edef68

  1. … 27 more files in changeset.
Improvement: Minilang code readability and consistency improvements

(OFBIZ-8744) (OFBIZ-8745) (OFBIZ-8746) (OFBIZ-8748) (OFBIZ-8829) (OFBIZ-8830) (OFBIZ-8907) (OFBIZ-8908) (OFBIZ-8924) (OFBIZ-8925)

Thanks: Ankush Upadhyay, Sega Patidar, Abhijeet Ashapure for your patches.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/specialpurpose@1768219 13f79535-47bb-0310-9956-ffa450edef68

  1. … 66 more files in changeset.
Improvement: Minilang code readability and consistency improvements

(OFBIZ-8445) (OFBIZ-8447) (OFBIZ-8448) (OFBIZ-8450) (OFBIZ-8451) (OFBIZ-8653) (OFBIZ-8740) (OFBIZ-8741) (OFBIZ-8742) (OFBIZ-8743)

Thanks: Devanshu Vyas, Anuj Jain, Sega Patidar, Abhijeet Ashapure for your patches

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/specialpurpose@1768209 13f79535-47bb-0310-9956-ffa450edef68

  1. … 27 more files in changeset.
Reverts: Maximise the utilisation of common labels in various applications (OFBIZ-8102) (OFBIZ-8130)

Reverts r1758774 for OFBIZ-8102 w/o reverting changes which slipped in

Reverts r1761687 for OFBIZ-8130

We decided this is not a good way, we prefer to keep the FormFieldTitle_ way

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/specialpurpose@1761923 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Improves: Maximise the utilisation of common labels in myportal forms (OFBIZ-8130)

Thanks: Pierre Smits

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/specialpurpose@1761687 13f79535-47bb-0310-9956-ffa450edef68

Implemented: removed the "controller" related logic, that is now provided by the new ControlFilter, from the ContextFilter; modified existing applications to use the two filters in a chain; removed from the other specialized filters all the logic that was duplicated or extended from ContextFilter.

A web application, in order to leverage the OFBiz framework, requires that a series of objects are in its contexts (servlet context, session and request) such as "delegator", "delegatorName", "dispatcher", "security" etc. etc...

This setup is performed by the logic contained in the servlet filter implemented by the ContextFilter class.

The execution of this logic is required for the application to run properly.

However, before this commit, in the ContextFilter there was other logic, related to access control and redirection rules (some of them performed in coordination with the ControlServlet), making it difficult to deploy this filter in all the web applications, especially the ones that implement special handling of paths.

In fact, this filter was deployed in most but not all the web applications in the OFBiz codebase: specifically it was not deployed in web applications that require the execution of other filters (e.g. CatalogUrlFilter, etc...) like the ones in the "ecommerce" and "solr" components.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/trunk/specialpurpose@1761304 13f79535-47bb-0310-9956-ffa450edef68

    • -12
    • +13
    ./webapp/myportal/WEB-INF/web.xml
  1. … 25 more files in changeset.