ofbiz

Checkout Tools
  • last updated 17 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
"Applied fix from trunk framework for revision: 1869001"

------------------------------------------------------------------------

r1869001 | mthl | 2019-10-26 16:42:02 +0200 (sam. 26 oct. 2019) | 9 lignes

Fixed: Handle whitelist of serializable classes from properties

(OFBIZ-11261)

There was a bug regarding the way the ‘ListOfSafeObjectsForInputStream’ value

defined in the “SafeObjectInputStream.properties” file was handled. Mistakenly

only one class identifier was allowed.

The tests have not been backported from ‘trunk’ because of the way

‘UtilProperties#setPropertyValueInMemory’ work in 16.11.

------------------------------------------------------------------------

"Applied fix from trunk framework for revision: 1868611"

------------------------------------------------------------------------

r1868611 | jleroux | 2019-10-19 08:42:07 +0200 (sam. 19 oct. 2019) | 11 lignes

Improved: Handling tenant in XmlRpcEventHandler

(OFBIZ-10284)

The XMLRPC service does not support tenants. Even if the tenant domain is

included in the HTTP request the call does not affect the correct tenant.

The issue and fix has been discussed in in the thread

https://markmail.org/message/bz4dofrxqp6i7ove

jleroux: I was able to port the R16 patch provided by Rajesh to the trunk.

Thanks: Rajesh Kumar Mallah

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1868553" (by hand)

------------------------------------------------------------------------

r1868553 | jleroux | 2019-10-17 16:26:42 +0200 (jeu. 17 oct. 2019) | 14 lignes

Fixed: FTL error for purchase order with Bulk Item Type

(OFBIZ-11252)

Steps to regenerate:

1. Login into the ordermgr application and click on Order Entry tab

2. Create PO with any supplier

3. Fill details and click on Continue

4. Now select Product Category with Item type Bulk and add the description and

Click on add to order

5. Finalize order with Finalize Order button

6. Add Term type, ship group option, etc details and create Order.

7. Scroll down to Order Items section and See the FTL error on the screen.

Thanks: Devanshu Vyas

------------------------------------------------------------------------

"Applied fix from trunk framework for revision: 1868545" (by hand)

------------------------------------------------------------------------

r1868545 | jleroux | 2019-10-17 14:19:33 +0200 (jeu. 17 oct. 2019) | 16 lignes

Fixed: EditExample always update status, because current Status not shown

(OFBIZ-11230)

In the EditExample Form, the drop-down is populates with the Valid change status

only. So current status is not in the list and the status print in the drop-down

is the next authorized. I want to modify exampleName or exampleType, I go to

editExample and change what I want and validate. The problem is status is also

changed!

There are 12 other same or similar cases. For the first of them (in FinAccount)

there is the same bug: when I change FinAccount Name, status change too. If I

add current="first-in-list" in the tag drop-down it works

jleroux: Quote is a peculiar case due to OFBIZ-7337 which was a wrong fix

Thanks: Oliver for the analysis and the fix

------------------------------------------------------------------------

"Applied fix from trunk framework for revision: 1868545"

------------------------------------------------------------------------

r1868545 | jleroux | 2019-10-17 14:19:33 +0200 (jeu. 17 oct. 2019) | 16 lignes

Fixed: EditExample always update status, because current Status not shown

(OFBIZ-11230)

In the EditExample Form, the drop-down is populates with the Valid change status

only. So current status is not in the list and the status print in the drop-down

is the next authorized. I want to modify exampleName or exampleType, I go to

editExample and change what I want and validate. The problem is status is also

changed!

There are 12 other same or similar cases. For the first of them (in FinAccount)

there is the same bug: when I change FinAccount Name, status change too. If I

add current="first-in-list" in the tag drop-down it works

jleroux: Quote is a peculiar case due to OFBIZ-7337 which was a wrong fix

Thanks: Oliver for the analysis and the fix

------------------------------------------------------------------------

?\026

Improved: no functional change

Just better English in message

"Applied fix from trunk framework for revision: 1868298"

------------------------------------------------------------------------

r1868298 | jleroux | 2019-10-11 18:45:16 +0200 (ven. 11 oct. 2019) | 20 lignes

Fixed: NotSerializableException after uploading images to an order

(OFBIZ-11123)

I found that using in r1866259 the same fix than Si Chen used in OFBIZ-750 was

wrong. The code just above this fix is

{code:java}

if (obj instanceof Serializable) {

reqAttrMap.put(name, obj);

}

{code}

The problem with this code is that if does not handle inner Maps which may

contain a non Serializable Object. So the solution is rather to get one level

deeper and apply the same. We can then remove the harcoded lines with

"uploadedFile" and "_REQUEST_HANDLER_" below. Then all possible cases are handled

as long as we have not inner-inner-Maps

------------------------------------------------------------------------

?\026

Improved: no functional change

As reported by Ethan Vos on user ML, sometimes the alias between wget and

Invoke-WebRequest is not present on Windows 7, better keep it simple!

Also removes the comment:

Anyway I believe this should be only used in dev environment

which is no longer true

Applied fix from trunk for revision: 1867972

===

Reverted: User is unable to update the review of product

(OFBIZ-10799)

Reverted rev 1867904

Thanks: Deepak Dixit for reporting the issue.

Applied fix from trunk for revision: 1867937

===

'At least one phone number is required below' message should be uneditable while creating new customer using partymgr

(OFBIZ-11113)

Thanks: Arpit Mor for report and Saurabh Dixit for the patch.

Applied fix from trunk for revision: 1867930

===

Fixed: Check run payment(A/P) transactions not getting available for reconciliation

(OFBIZ-10796)

Check run payment group transactions don't get available for Financial Account reconciliation. Though the financial account balance gets updated during the A/P check run process, the system must allow the user with an additional step of reconciling the transactions.

The cause of this is that the financial account transaction doesn't get created in the 'Created' status and has an 'Approved' status. An approved status financial transaction directly updates the financial account balance and thus don't appear in the list of the transactions to be reconciled.

Thanks: Chinmay Patidar for your contribution and Pierre Smits for the review.

Applied fix from trunk for revision: 1867910

===

Fixed: Sales By Store Report not working

(OFBIZ-11119)

Added Null check to avoid Exception.

Thanks: Chandan Khandelwal for your contribution.

Applied fix from trunk for revision: 1867904

===

Fixed: User is unable to update the review of product

(OFBIZ-10799)

Redirected request with eligible parameters so that If the user had a search using any parameter result should persist after the update.

Thanks: Ashish Sharma for report and Pierre Smits and Jacques Le Roux for the review.

Fixed: FTL Error on Order Entry Payment screen

(OFBIZ-11122)

Corrected template location path.

Thanks Shikha Jaiswal for your contribution.

"Applied fix from trunk framework for revision: 1867585"

------------------------------------------------------------------------

r1867585 | jleroux | 2019-09-26 17:38:52 +0200 (jeu. 26 sept. 2019) | 9 lignes

Fixed: Error in log when looking for parties at partymgr/control/main

(OFBIZ-11201)

These are similar issues in Minilang than the one fixed initially for

<set field="userLoginSize" value="${util:size(logins)}" type="Integer"/>

Fixed by replacing by

<set field="userLoginSize" value="${groovy:logins.size()}"/>

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1867099"

------------------------------------------------------------------------

r1867099 | jleroux | 2019-09-18 09:29:18 +0200 (mer. 18 sept. 2019) | 17 lignes

Fixed: Error in log when looking for parties at partymgr/control/main

(OFBIZ-11201)

There is this a (long stack trace) error in log (only), mostly

java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.util.Map

at org.apache.ofbiz.base.util.string.UelFunctions.getSize(UelFunctions.java:318)

I did not notice any other effect, so the fix only cleans the log.

It's actually an issue in ListParty grid with this line:

<set field="userLoginSize" value="${util:size(logins)}" type="Integer"/>

This fixes it by replacing by

<set field="userLoginSize" value="${groovy:logins.size()}"/>

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1866986"

------------------------------------------------------------------------

r1866986 | jleroux | 2019-09-16 10:20:46 +0200 (lun. 16 sept. 2019) | 4 lignes

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

Fixes a typo which was crashing webtools/control/LogView

------------------------------------------------------------------------

?\026

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

Copy manually all files from trunk because of weird conflicts

"Applied fix from trunk framework for revision: 1866920"

------------------------------------------------------------------------

r1866920 | jleroux | 2019-09-14 10:19:18 +0200 (sam. 14 sept. 2019) | 18 lignes

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

These are not really path traversal issues.

We can't solve them using the traditional way to fix path traversal issues

(ie normalising path). Because Fetchlogs and ViewFile are actually reading

files and if you have the right to read these files then nothing will prevent

you to read them.

The problem is more what those requests are supposed to do.

Fetchlogs is supposed to read a log in the log dir

and ViewFile is supposed to read a file containing labels

(ie either an XML or Properties file).

So the solution is to allow these requests to only do what they are supposed to

do. This is what is done in ViewFile and FetLogs Groovy files.

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1866890"

------------------------------------------------------------------------

r1866890 | jleroux | 2019-09-13 12:15:03 +0200 (ven. 13 sept. 2019) | 8 lignes

Improved: FindArInvoices request needs performance improvement regarding use of

EntityListIterator::hasNext method

(OFBIZ-11198)

FindAPInvoices request does not suffer from this issue nor findInvoice request.

This was due to <screen name="FindArInvoices"> definition

Using something similar than <screen name="FindApInvoices"> fixes the issue

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1866834"

------------------------------------------------------------------------

r1866834 | jleroux | 2019-09-12 09:49:41 +0200 (jeu. 12 sept. 2019) | 8 lignes

Improved: Improve ObjectInputStream class

(OFBIZ-10837)

Allows users to easily override the list of accepted objects by using the

listOfSafeObjectsForInputStream property

CVE-2019-0189

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1865852"

------------------------------------------------------------------------

r1865852 | pawan | 2019-08-24 16:28:57 +0200 (sam. 24 août 2019) | 8 lignes

Fixed: Issue of unable to view a PartyContent on view profile page of a party

(OFBIZ-11038)

When click on view button img request will be hit along with contentName and imgId as a parameter. This request invokes serveImage event(DataEvents.java) which is deprecated now.

Instead of img request we can call stream request with contentId as a parameter that invokes serveObjectData event.

This will work as per the value of content-disposition-type (requestHandler.properties) i.e. attachement or inline

Thanks: Devanshu Vyas for reporting the issue and Humera Khan for the patch and Prachi Shastri for testing of the bug.

------------------------------------------------------------------------

?\026

Updates README with correct init-gradle-wrapper filename for Unix-like OS

"Applied fix from trunk framework for revision: 1866259"

------------------------------------------------------------------------

r1866259 | jleroux | 2019-09-02 09:32:48 +0200 (lun. 02 sept. 2019) | 10 lignes

Fixed: NotSerializableException after uploading images to an order

(OFBIZ-11123)

In a lot of services we use the ByteBuffer object to upload files.

When a such service is used with the redirect-parameter in a controller the

ByteBuffer needs to be serialized. Unfortunately ByteBuffer (in our case its

subclass HeapByteBuffer) is not serializable. So that can't work.

Fortunately no redirect-parameter concerns uploadedFile so we can safely remove

it from reqAttrMap in RequestHandler

------------------------------------------------------------------------

?\026

"Applied fix from trunk framework for revision: 1865883"

------------------------------------------------------------------------

r1865883 | jleroux | 2019-08-25 11:48:31 +0200 (dim. 25 août 2019) | 8 lignes

Fixed: UiLabel is missing for Web Analytics Type on content component

(OFBIZ-11170)

Steps to reproduce

content/control/EditWebAnalyticsConfig?webSiteId=WebStoreClone

On that Web Analytics Type UiLabel is missing.

Thanks: Rahul Marjiwe

------------------------------------------------------------------------

?\026

Fixed: Scrum parties don't have partyTypeId set

(OFBIZ-11013)

Added missing partyTypeId data for the Scrum Parties.

Thanks: Pierre Smits for your contribution.

Applied fix from trunk for revision: 1865811

===

Fixed: Order status history should show party id instead of user login id

(OFBIZ-11121)

Thanks: Ashish Kumar Pandey for your contribution.

Updates init-gradle-wrapper.ps1 in order to put gradlew.bat in OFBiz home

Updates README file for instructions to run init-gradle-wrapper in Windows

Updated the README file with the instructions to run the init-gradle-wrapper

file.

Improvements to comments and messages in the init-gradle-wrapper.sh script.

Improved: update init-gradle-wrapper.sh to load gradlew script

When you run 'sh gradle/init-gradle-wrapper.sh', if the script gradlew at the OFBiz root isn't present we download it from bintray.

I also update shasum fingerprint for gradle-wrapper.jar and gradle-wrapper.properties related to 16.10 release.