Fixed: getJs unknown in Webpos (OFBIZ-11932)

R17 is not affected

Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp reference, no longer used

  1. … 21 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

The ecommerce and webpos controller missed an errorpage reference.

All other controllers either use directly the common-controller or indirectly by including controller/s that include the common-controller

  1. … 1 more file in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Those are no longer needed, replaced by error.ftl

  1. … 1 more file in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

At https://markmail.org/message/n76cchtriexxmgm7 I asked

Why having the ftl handlers only in webtools controller? BTW it makes the XSD documentation awkward because it speaks about the ftl handlers being in handlers-controller.xml

Why not using error.ftl in common-controller.xml instead of error.jsp?

Same question for plugins.

And answered

I believe we could change all that and definitely get rid of error.jsp (error.ftl is already in all supported releases branches)

  1. … 1 more file in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
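
An added illustration of the Set-Cookie rewrite the commit message above describes; it is not OFBiz's SameSiteFilter code. The class name, method names and sample header values are assumptions constructed for the example, which uses only the JDK so it runs without a servlet container.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SameSiteRewrite {

    // Rebuilds one Set-Cookie value so it carries exactly one SameSite attribute.
    static String enforceSameSite(String setCookieValue, String policy) {
        StringBuilder out = new StringBuilder();
        String[] parts = setCookieValue.split(";");
        for (int i = 0; i < parts.length; i++) {
            String part = parts[i].trim();
            // parts[0] is the name=value pair; only later parts are attributes.
            boolean sameSite = i > 0
                    && part.split("=", 2)[0].trim().equalsIgnoreCase("SameSite");
            if (part.isEmpty() || sameSite) {
                continue; // drop empty segments and any pre-existing SameSite value
            }
            if (out.length() > 0) {
                out.append("; ");
            }
            out.append(part);
        }
        return out.append("; SameSite=").append(policy).toString();
    }

    // Applies the policy to every Set-Cookie value queued on a response.
    static List<String> enforceAll(Collection<String> setCookieValues, String policy) {
        List<String> rewritten = new ArrayList<>();
        for (String value : setCookieValues) {
            rewritten.add(enforceSameSite(value, policy));
        }
        return rewritten;
    }

    public static void main(String[] args) {
        // Constructed sample headers: a session cookie reissued at login, plus a
        // cookie that already declares a different SameSite value.
        List<String> queued = List.of(
                "JSESSIONID=EXAMPLE0001.jvm1; Path=/webpos; Secure; HttpOnly",
                "prefs=compact; Path=/; samesite=Lax");
        for (String value : enforceAll(queued, "strict")) {
            System.out.println("Set-Cookie: " + value);
        }
    }
}
```

In a servlet container the input would come from `HttpServletResponse.getHeaders("Set-Cookie")`, with the first rewritten value written back through `setHeader` and the rest through `addHeader`. The rewrite has to run after the session ID is regenerated at login and before the response is committed, otherwise the new session cookie goes out unmodified.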
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies. (OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

(cherry picked from commit 1158664ba37264fa6b8429033bad768175ff10d5)

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Applied fix from trunk for revision: 1858289 ===

Fixed: Shortkeys missing on WebPOS.

(OFBIZ-10961)

It was broken after jQuery update on rev #1850712.

Thanks Padmavati Rawat for reporting and Rohit Koushal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1858290 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Shortkeys missing on WebPOS. (OFBIZ-10961) It was broken after jQuery update on rev #1850712. Thanks Padmavati Rawat for reporting and Rohit Koushal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1858289 13f79535-47bb-0310-9956-ffa450edef68

"Applied fix from plugins for revision: 1851068 " ------------------------------------------------------------------------ r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1851073 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
"Applied fix from plugins for revision: 1851068 " ------------------------------------------------------------------------ r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1851072 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Fixed: Add session tracking mode and make cookie secure (OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1851068 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Applied fix from trunk for revision: 1850712 ===

Improved: Replace jQuery.bind() with jQuery.on()

(OFBIZ-10758)

As of jQuery 3.0, .bind() has been deprecated. It was superseded by the .on() method for attaching event handlers to a document.

Additional change:

Improved boolean returns with single statement, replacing if blocks with explicit boolean return.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1850714 13f79535-47bb-0310-9956-ffa450edef68

  1. … 7 more files in changeset.
Improved: Replace jQuery.bind() with jQuery.on() (OFBIZ-10758) As of jQuery 3.0, .bind() has been deprecated. It was superseded by the .on() method for attaching event handlers to a document. Additional change: Improved boolean returns with single statement, replacing if blocks with explicit boolean return.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1850712 13f79535-47bb-0310-9956-ffa450edef68

  1. … 7 more files in changeset.
Improved: Themes can't be changed in webpos (OFBIZ-10767)

Following this discussion on dev ML I decided to test it on Ubuntu in my Windows 7 VM and it works there.

Just that you don't automatically get back to the webpos page when changing theme

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1850552 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Multiple records are shown in search modal in webpos. (OFBIZ-10314) Thanks Archana Asthana for reporting and Shikha Jaiswal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1844959 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Fixed: Multiple records are shown in search modal in webpos. (OFBIZ-10314) Thanks Archana Asthana for reporting and Shikha Jaiswal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1844957 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Improved: Remove few request-map "edit" attributes in controllers (OFBIZ-10608)

As documented, currently

Reserved for future use (not used yet).

I checked, it's still not implemented. So no need to confuse people for now, better to remove until it's really used.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1844744 13f79535-47bb-0310-9956-ffa450edef68

  1. … 2 more files in changeset.
Improved: Renames setLocaleFromBrowser to SetTimeZoneFromBrowser everywhere it's needed. (OFBIZ-10472)

FORGOT IT in WEBPOS!

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1840446 13f79535-47bb-0310-9956-ffa450edef68

Applied fix from trunk for revision: 1837845 ===

Fixed: Party Search doesn't consider Billing Address and Shipping Address checkbox in WebPos.

(OFBIZ-7709)

Thanks Vishal for your patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1837846 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Party Search doesn't consider Billing Address and Shipping Address checkbox in WebPos. (OFBIZ-7709) Thanks Vishal for your patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1837845 13f79535-47bb-0310-9956-ffa450edef68

Applied fix from trunk for revision: 1837796 ===

Fixed: Not able to select Virtual Product in WebPos.

(OFBIZ-7719)

Thanks Vishal for your patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1837799 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Not able to select Virtual Product in WebPos. (OFBIZ-7719) Thanks Vishal for your patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1837796 13f79535-47bb-0310-9956-ffa450edef68

Improved: UI Label Issue on WebPos screen. Removed unnecessary class that was causing text in white colour. (OFBIZ-10312) Thanks Archana Asthana for reporting the issue and Pawan Verma for providing fix.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1830451 13f79535-47bb-0310-9956-ffa450edef68

Improved: Fields going outside. Fix the alignment and width to adjust the text box in the window. (OFBIZ-10316) Thanks Padmavati Rawat for reporting the issue and Pawan Verma for providing fix.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1830448 13f79535-47bb-0310-9956-ffa450edef68

Fixed: setLocaleFromBrowser request missing for webpos component (OFBIZ-9847)

I here revert r1812213 and simply add the required setLocaleFromBrowser request-map, the include of the whole common-controller is not needed

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1812223 13f79535-47bb-0310-9956-ffa450edef68