ofbiz

Checkout Tools
  • last updated 13 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1864953 is being indexed.

Improved: Use method references instead of lambda inside variables

(OFBIZ-10817)

Lambda expressions are not meant to be stored inside variables. In

most cases it is better to define a static method and use a method

reference instead. Static methods have the benefits of having a more

explicit signature and some javadoc attached to them.

Updates demos wiki page
Improved: NO functional change

Updates the README.md.html for 16.11.06

"Applied fix from trunk for revision: 1864930"

------------------------------------------------------------------------

r1864930 | jleroux | 2019-08-11 15:23:19 +0200 (dim. 11 août 2019) | 4 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

As suggested by Mathieu on dev ML factorises the use of Path::normalize

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1864930"

------------------------------------------------------------------------

r1864930 | jleroux | 2019-08-11 15:23:19 +0200 (dim. 11 août 2019) | 4 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

As suggested by Mathieu on dev ML factorises the use of Path::normalize

------------------------------------------------------------------------

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

As suggested by Mathieu on dev ML factorises the use of Path::normalize

Implemented: Remove the Gradle wrapper from our release packages and add a step

to our build notes

(OFBIZ-10145)

Adds the Windows init-gradle-wrapper scripts (both .bat et .ps1) in all

concerned branch (trunk, R18, R17)

These are very simple because I believe (almost?) nobody is using a Windows

server to deploy OFBiz in production. So they will be only used in development

environment. In case deployment in production is needed they supply a base to

work on...

The init-gradle-wrapper.ps1 scripts use only HTTP and not HTTPS because it's

very difficult to handle all the issues related with different versions of

Powershell and .net in different versions of Windows. Better to let that to

deployment in case it's really needed...

    • ?
    /ofbiz-framework/trunk/gradle/init-gradle-wrapper.ps1
    • ?
    /ofbiz-framework/trunk/init-gradle-wrapper.bat
Reverted: Remove the Gradle wrapper from our release packages and add a step

to our build notes

(OFBIZ-10145)

As explained in https://github.com/gradle/gradle/issues/2852 we shouldn't/don't

need to put an ASL2 header in Gradle wrapper files

"Applied fix from trunk for revision: 1864891"

------------------------------------------------------------------------

r1864891 | jleroux | 2019-08-10 19:02:12 +0200 (sam. 10 août 2019) | 6 lignes

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

With last commit I introduced a dependency from ProductSeedData to

ContentSeedData. The loadAll tasks failed because of that, this fixes it.

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1864891"

------------------------------------------------------------------------

r1864891 | jleroux | 2019-08-10 19:02:12 +0200 (sam. 10 août 2019) | 6 lignes

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

With last commit I introduced a dependency from ProductSeedData to

ContentSeedData. The loadAll tasks failed because of that, this fixes it.

------------------------------------------------------------------------

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

With last commit I introduced a dependency from ProductSeedData to

ContentSeedData. The loadAll tasks failed because of that, this fixes it.

"Applied fix from trunk framework for revision: 1864881"

------------------------------------------------------------------------

r1864881 | jleroux | 2019-08-10 17:51:19 +0200 (sam. 10 août 2019) | 7 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

This fixes an issue in FrameImage::uploadFrame which was reported by Man Yue Mo

as described in OFBIZ-9973

I finally decided to follow OWASP advice about using normalize()

------------------------------------------------------------------------

?\026

"Applied fix from trunk for revision: 1864881"

------------------------------------------------------------------------

r1864881 | jleroux | 2019-08-10 17:51:19 +0200 (sam. 10 août 2019) | 7 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

This fixes an issue in FrameImage::uploadFrame which was reported by Man Yue Mo

as described in OFBIZ-9973

I finally decided to follow OWASP advice about using normalize()

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1864881"

------------------------------------------------------------------------

r1864881 | jleroux | 2019-08-10 17:51:19 +0200 (sam. 10 août 2019) | 7 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

This fixes an issue in FrameImage::uploadFrame which was reported by Man Yue Mo

as described in OFBIZ-9973

I finally decided to follow OWASP advice about using normalize()

------------------------------------------------------------------------

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

This fixes an issue in FrameImage::uploadFrame which was reported by Man Yue Mo

as described in OFBIZ-9973

I finally decided to follow OWASP advice about using normalize()

Tag for Release apache-ofbiz-16.11.06
Added the tentative release notes (and its template) for the candidate release

16.11.06, in preparation for the vote.

    • ?
    /site/template/page/release-notes-16.11.06.tpl.php
Implemented: Homogenize displaying number with multiple format

(OFBIZ-7532)

To display a number we had different possibilities :

* on ftl use the template <@ofbizAmount and <@ofbizCurrency

* by java call a function UtilFormatOut.formatAmount, UtilFormatOut.formatPrice, UtilFormatOut.formatQuantity, etc..

* by form widget, use <display type=accounting-number for accounting but nothing for other

To simplify and homogenize all, I implemented a number type purpose :

* default: display a number by default, use when no purpose is present

* quantity: display a number as a quantity

* amount: display a number as an amount (like price without currency)

* spelled: litteral displaying for a number (use on <@ofbizAmount ftl only before)

* percentage: display a number as a percentage

* accounting: diplay a number for accounting specific

Each purpose can be associate to a number for displaying it :

* on ftl <@ofbizNumber number=value format=purpose/>

* on java UtilFormatOut.formatNumber(value, purpose, delegator, locale)

* on form widget <display type=number format=purpose/>

The format use by a purpose is define on framework/common/config/number.properties with the template

.displaying.format = ##0.00

With this, you can surchage a configuration, create your own purpose or surchage only one through entity SystemProperty.

Concerning the backware compatibility:

* For the ftl the template <@ofbizAmount is now a link to '<@ofbizNumber format=amount'

* For java all previous function call UtilFormatOut.formatNumber with the matching purpose

* For form xml accounting-number is managed as an exection

Last point, display a currency is different that a number, so I didn't refactoring some code for this case (only move properties from general to number for centralize de configuration on the same file)

Thanks Charles Steltzlen to start the refactoring

Implemented: Backport: Helper script to download the gradle wrapper

(OFBIZ-10145)

Add a helper script to download gradle-wrapper.jar and gradle-wrapper.properties

at version 5.0.0 from bintray [1] when gradle/wrapper/gradle-wrapper.jar isn't present.

To use it just run at the OFBiz root :

$ sh gradle/init-gradle-wrapper.sh

[1] https://dl.bintray.com/apacheofbiz/GradleWrapper/

[2] https://github.com/gradle/gradle/blob/v5.0.0/gradle/wrapper/

Implemented: Helper script to download the gradle wrapper

(OFBIZ-10145)

Add a helper script to download gradle-wrapper.jar and gradle-wrapper.properties

at version 5.0.0 from bintray [1] when gradle/wrapper/gradle-wrapper.jar isn't present.

To use it just run at the OFBiz root :

$ sh gradle/init-gradle-wrapper.sh

[1] https://dl.bintray.com/apacheofbiz/GradleWrapper/

[2] https://github.com/gradle/gradle/blob/v5.0.0/gradle/wrapper/

    • ?
    /ofbiz-framework/trunk/gradle/init-gradle-wrapper.sh
Implemented: Helper script to download the gradle wrapper

(OFBIZ-10145)

Add a helper script to download gradle-wrapper.jar and gradle-wrapper.properties

at version 3.2.1 from bintray [1] when gradle/wrapper/gradle-wrapper.jar isn't present.

To use it just run at the OFBiz root :

$ sh gradle/init-gradle-wrapper.sh

Tagged gradle version from the gradle community [2] contains an error on the gradle-wrapper.properties

(distribution url -> https://services.gradle.org/distributions-snapshots/gradle-3.2.1-20161121174103+0000-bin.zip seems to not exist)

that break the wrapper init. So use own version to correct this.

[1] https://dl.bintray.com/apacheofbiz/GradleWrapper/

[2] https://github.com/gradle/gradle/blob/v3.2.1/gradle/wrapper/

Fixed: Added back the Gradle Wrapper files that I have removed in rev. 1864797

in preparation for the new release since they are required by the CI scripts; as

discussed in the dev list they will be removed by the release files only.

Fixed: Remove Gradle Wrapper files to comply with the ASF licensing

requirements.

(OFBIZ-10145)

Remove gradle-wrapper.jar and other automatically generated files in

preparation for the new release.

Upgraded build.gradle to remove deprecated directives that do not

work with recent versions of Gradle.

Updated the README notes according to the new prerequisites for

building our product.

"Applied fix from trunk for revision: 1864721"

------------------------------------------------------------------------

r1864721 | jleroux | 2019-08-08 17:52:04 +0200 (jeu. 08 août 2019) | 9 lignes

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

The error is

java.lang.Exception: Error in Service [updateContent]: Error:

status change from [CTNT_IN_PROGRESS] to [IM_PENDING] is not allowed.

The issue does not exist in R16. So I guess it's because of OFBIZ-9907.

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1864721"

------------------------------------------------------------------------

r1864721 | jleroux | 2019-08-08 17:52:04 +0200 (jeu. 08 août 2019) | 9 lignes

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

The error is

java.lang.Exception: Error in Service [updateContent]: Error:

status change from [CTNT_IN_PROGRESS] to [IM_PENDING] is not allowed.

The issue does not exist in R16. So I guess it's because of OFBIZ-9907.

------------------------------------------------------------------------

Fixed: In Product Image Management Uploading file fails due to missing

StatusValidChange

(OFBIZ-11148)

The error is

java.lang.Exception: Error in Service [updateContent]: Error:

status change from [CTNT_IN_PROGRESS] to [IM_PENDING] is not allowed.

The issue does not exist in R16. So I guess it's because of OFBIZ-9907.

"Applied fix from trunk framework for revision: 1864716"

------------------------------------------------------------------------

r1864716 | jleroux | 2019-08-08 17:28:45 +0200 (jeu. 08 août 2019) | 15 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

FindBugs is now deprecated and replaced by Spotbugs

Last time I forgot to encode productId as reported by Man Yue Mo from Semmle

This eventually fixes the "Relative path traversal" issue reported by Spotbugs

by encoding the whole file name.

Nevertheless Spotbugs continues to report the same issue in trunk but not in R16

I have not ideas why and I see no other possible issue.

I will backport and check again.

------------------------------------------------------------------------

?\026

"Applied fix from trunk for revision: 1864716"

------------------------------------------------------------------------

r1864716 | jleroux | 2019-08-08 17:28:45 +0200 (jeu. 08 août 2019) | 15 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

FindBugs is now deprecated and replaced by Spotbugs

Last time I forgot to encode productId as reported by Man Yue Mo from Semmle

This eventually fixes the "Relative path traversal" issue reported by Spotbugs

by encoding the whole file name.

Nevertheless Spotbugs continues to report the same issue in trunk but not in R16

I have not ideas why and I see no other possible issue.

I will backport and check again.

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1864716"

------------------------------------------------------------------------

r1864716 | jleroux | 2019-08-08 17:28:45 +0200 (jeu. 08 août 2019) | 15 lignes

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

FindBugs is now deprecated and replaced by Spotbugs

Last time I forgot to encode productId as reported by Man Yue Mo from Semmle

This eventually fixes the "Relative path traversal" issue reported by Spotbugs

by encoding the whole file name.

Nevertheless Spotbugs continues to report the same issue in trunk but not in R16

I have not ideas why and I see no other possible issue.

I will backport and check again.

------------------------------------------------------------------------

Fixed: [FB] Find Security Bugs

(OFBIZ-9973)

FindBugs is now deprecated and replaced by Spotbugs

Last time I forgot to encode productId as reported by Man Yue Mo from Semmle

This eventually fixes the "Relative path traversal" issue reported by Spotbugs

by encoding the whole file name.

Nevertheless Spotbugs continues to report the same issue in trunk but not in R16

I have not ideas why and I see no other possible issue.

I will backport and check again.