ofbiz

Checkout Tools
  • last updated 6 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
"Applied fix from trunk for revision: 1869001"

------------------------------------------------------------------------

r1869001 | mthl | 2019-10-26 16:42:02 +0200 (sam. 26 oct. 2019) | 9 lignes

Fixed: Handle whitelist of serializable classes from properties

(OFBIZ-11261)

There was a bug regarding the way the ‘ListOfSafeObjectsForInputStream’ value

defined in the “SafeObjectInputStream.properties” file was handled. Mistakenly

only one class identifier was allowed.

The tests have not been backported from ‘trunk’ because of the way

‘UtilProperties#setPropertyValueInMemory’ work in 17.12.

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1868611"

------------------------------------------------------------------------

r1868611 | jleroux | 2019-10-19 08:42:07 +0200 (sam. 19 oct. 2019) | 11 lignes

Improved: Handling tenant in XmlRpcEventHandler

(OFBIZ-10284)

The XMLRPC service does not support tenants. Even if the tenant domain is

included in the HTTP request the call does not affect the correct tenant.

The issue and fix has been discussed in in the thread

https://markmail.org/message/bz4dofrxqp6i7ove

jleroux: I was able to port the R16 patch provided by Rajesh to the trunk.

Thanks: Rajesh Kumar Mallah

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1868553"

------------------------------------------------------------------------

r1868553 | jleroux | 2019-10-17 16:26:42 +0200 (jeu. 17 oct. 2019) | 14 lignes

Fixed: FTL error for purchase order with Bulk Item Type

(OFBIZ-11252)

Steps to regenerate:

1. Login into the ordermgr application and click on Order Entry tab

2. Create PO with any supplier

3. Fill details and click on Continue

4. Now select Product Category with Item type Bulk and add the description and

Click on add to order

5. Finalize order with Finalize Order button

6. Add Term type, ship group option, etc details and create Order.

7. Scroll down to Order Items section and See the FTL error on the screen.

Thanks: Devanshu Vyas

------------------------------------------------------------------------

"Applied fix from plugins for revision: 1868545"

------------------------------------------------------------------------

r1868545 | jleroux | 2019-10-17 14:19:33 +0200 (jeu. 17 oct. 2019) | 16 lignes

Fixed: EditExample always update status, because current Status not shown

(OFBIZ-11230)

In the EditExample Form, the drop-down is populates with the Valid change status

only. So current status is not in the list and the status print in the drop-down

is the next authorized. I want to modify exampleName or exampleType, I go to

editExample and change what I want and validate. The problem is status is also

changed!

There are 12 other same or similar cases. For the first of them (in FinAccount)

there is the same bug: when I change FinAccount Name, status change too. If I

add current="first-in-list" in the tag drop-down it works

jleroux: Quote is a peculiar case due to OFBIZ-7337 which was a wrong fix

Thanks: Oliver for the analysis and the fix

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1868545"

------------------------------------------------------------------------

r1868545 | jleroux | 2019-10-17 14:19:33 +0200 (jeu. 17 oct. 2019) | 16 lignes

Fixed: EditExample always update status, because current Status not shown

(OFBIZ-11230)

In the EditExample Form, the drop-down is populates with the Valid change status

only. So current status is not in the list and the status print in the drop-down

is the next authorized. I want to modify exampleName or exampleType, I go to

editExample and change what I want and validate. The problem is status is also

changed!

There are 12 other same or similar cases. For the first of them (in FinAccount)

there is the same bug: when I change FinAccount Name, status change too. If I

add current="first-in-list" in the tag drop-down it works

jleroux: Quote is a peculiar case due to OFBIZ-7337 which was a wrong fix

Thanks: Oliver for the analysis and the fix

------------------------------------------------------------------------

Improved: no functional change

Just better English in message

"Applied fix from trunk for revision: 1868395"

------------------------------------------------------------------------

r1868395 | jleroux | 2019-10-13 12:37:08 +0200 (dim. 13 oct. 2019) | 8 lignes

Fixed: Merge UrlRegexpTransform and OfbizUrlTransform classes

(OFBIZ-11229)

OFBIZ-4361 depends on this issue. Here is a first version, the main identified

point was when the request isn't present (email send, service call) the website

isn't pull from context. This solves this aspect

Thanks: Nicolas for the patch

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1868298"

------------------------------------------------------------------------

r1868298 | jleroux | 2019-10-11 18:45:16 +0200 (ven. 11 oct. 2019) | 20 lignes

Fixed: NotSerializableException after uploading images to an order

(OFBIZ-11123)

I found that using in r1866259 the same fix than Si Chen used in OFBIZ-750 was

wrong. The code just above this fix is

{code:java}

if (obj instanceof Serializable) {

reqAttrMap.put(name, obj);

}

{code}

The problem with this code is that if does not handle inner Maps which may

contain a non Serializable Object. So the solution is rather to get one level

deeper and apply the same. We can then remove the harcoded lines with

"uploadedFile" and "_REQUEST_HANDLER_" below. Then all possible cases are handled

as long as we have not inner-inner-Maps

------------------------------------------------------------------------

Improved: no functional change

As reported by Ethan Vos on user ML, sometimes the alias between wget and

Invoke-WebRequest is not present on Windows 7, better keep it simple!

Also removes the comment:

Anyway I believe this should be only used in dev environment

which is no longer true

Applied fix from trunk for revision: 1867972

===

Reverted: User is unable to update the review of product

(OFBIZ-10799)

Reverted rev 1867904

Thanks: Deepak Dixit for reporting the issue.

Applied fix from trunk for revision: 1867937

===

'At least one phone number is required below' message should be uneditable while creating new customer using partymgr

(OFBIZ-11113)

Thanks: Arpit Mor for report and Saurabh Dixit for the patch.

Applied fix from trunk for revision: 1867930

===

Fixed: Check run payment(A/P) transactions not getting available for reconciliation

(OFBIZ-10796)

Check run payment group transactions don't get available for Financial Account reconciliation. Though the financial account balance gets updated during the A/P check run process, the system must allow the user with an additional step of reconciling the transactions.

The cause of this is that the financial account transaction doesn't get created in the 'Created' status and has an 'Approved' status. An approved status financial transaction directly updates the financial account balance and thus don't appear in the list of the transactions to be reconciled.

Thanks: Chinmay Patidar for your contribution and Pierre Smits for the review.

Applied fix from trunk for revision: 1867910

===

Fixed: Sales By Store Report not working

(OFBIZ-11119)

Added Null check to avoid Exception.

Thanks: Chandan Khandelwal for your contribution.

Applied fix from trunk for revision: 1867904

===

Fixed: User is unable to update the review of product

(OFBIZ-10799)

Redirected request with eligible parameters so that If the user had a search using any parameter result should persist after the update.

Thanks: Ashish Sharma for report and Pierre Smits and Jacques Le Roux for the review.

"Applied fix from plugins for revision: 1867849"

------------------------------------------------------------------------

r1867849 | jleroux | 2019-10-01 19:32:02 +0200 (mar. 01 oct. 2019) | 18 lignes

Fixed: Issue with "User name filed" while creating the new user

(OFBIZ-11226)

Steps to regenerate:

Open URL https://demo-trunk.ofbiz.apache.org

2. Click on the "Register" button for creating a new customer

3. Enter all the mandatory details for the registring a new customer

4. Enter the user name with a dot (.), for example: "demo.user"

5. Click on the "Save" button

Actual: Error message "Username can only have letters, digits and the _-

characters" is displaying on the screen.

Expected: Dot (.) should be also allowed in validation rules when we enter user

name manually with a dot (.)

Thanks: Vedansh Tiwari for report

------------------------------------------------------------------------

Applied fix from trunk for revision: 1867745

===

Fixed: redundant license text

"Applied fix from plugins for revision: 1867717"

------------------------------------------------------------------------

r1867717 | jleroux | 2019-09-29 11:43:42 +0200 (dim. 29 sept. 2019) | 11 lignes

Fixed: Freemarker error on reviewProduct page on storefront

(OFBIZ-11108)

Steps to regenerate:

1)Navigate to https://demo-trunk.ofbiz.apache.org/ecommerce/control/main

2) User should not be logged in

3) Click on any product

4) Click on Be The First To Review This Product! link

5) FTL error for the null check is occurring

Thanks: Minal Phalak for the patch and Suraj for review

------------------------------------------------------------------------

"Applied fix from plugins for revision: 1867712"

------------------------------------------------------------------------

r1867712 | jleroux | 2019-09-29 11:31:59 +0200 (dim. 29 sept. 2019) | 9 lignes

Improved: UI issue on ecommerce Product page

(OFBIZ-10884)

Navigate to demo-trunk ecom

Click on Product titled as Enchiladas, It redirects to the product page

On the Product page, Multiple horizontal lines are displayed

Thanks: Garima jain for report, Sourabh Punyani for initial patch and Jayesh

Agrawal for updated patch

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1867585"

------------------------------------------------------------------------

r1867585 | jleroux | 2019-09-26 17:38:52 +0200 (jeu. 26 sept. 2019) | 9 lignes

Fixed: Error in log when looking for parties at partymgr/control/main

(OFBIZ-11201)

These are similar issues in Minilang than the one fixed initially for

<set field="userLoginSize" value="${util:size(logins)}" type="Integer"/>

Fixed by replacing by

<set field="userLoginSize" value="${groovy:logins.size()}"/>

------------------------------------------------------------------------

Fixed: Default option for ModelFormField.DateFindField doesn't work

(OFBIZ-11212)

When you use a date-find element on form, the defaut option are in code like to greater_than and less _than

public DateFindField(int fieldSource, String type) {

super(fieldSource, type);

this.defaultOptionFrom = greaterThanEqualTo;

this.defaultOptionThru = lessThanEqualTo;

}

but on macro

<#macro renderDateFindField ...

<option value=greaterThan<#if defaultOptionFrom==greaterThan> selected=selected</#if>></option><#rt/>

...

<option value=opLessThan<#if defaultOptionThru==opLessThan> selected=selected</#if>></option><#rt/>

...

</#macro>

So the value java isn't correct with ftl values and default value never used.

"Applied fix from trunk for revision: 1867577" (by hand)

------------------------------------------------------------------------

r1867577 | jleroux | 2019-09-26 16:41:50 +0200 (jeu. 26 sept. 2019) | 8 lignes

Fixed: Fix multi modal opening

(OFBIZ-11211)

The issue is that when closing the modal the div inside html dom is not removed.

Then opening a second time create another identical div. Since a lookup is based

on an unique id, this id is no more unique...

Thanks: Carl Demus

------------------------------------------------------------------------

Fixed: Send upload form with even-update-area doesn't work (Backport from trunk)

(OFBIZ-11207)

When you create a xml form with upload as type, you can't use on-event-update-area element to submit it by ajax.

Otherwise, OFBiz return an error message on 'uploadFile is empty.

To solve it, we analyze the enctype's form before submit it to move on FormData instead a direct serialize [1]

example form where the problem has been present

****

<form name='AddNicelyFile' type='upload' target='CreateNicelyFile'>

<field name='uploadedFile' title='File'><file/></field>

<field name='addButton'><submit/></field>

<on-event-update-area event-type='submit' area-id='window' area-target='FileDisplaying'/>

</form>

****

Thanks to Samuel Tregouet for this fix

[1] https://developer.mozilla.org/en-US/docs/Web/API/FormData/Using_FormData_Objects

"Applied fix from trunk for revision: 1867099"

------------------------------------------------------------------------

r1867099 | jleroux | 2019-09-18 09:29:18 +0200 (mer. 18 sept. 2019) | 17 lignes

Fixed: Error in log when looking for parties at partymgr/control/main

(OFBIZ-11201)

There is this a (long stack trace) error in log (only), mostly

java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.util.Map

at org.apache.ofbiz.base.util.string.UelFunctions.getSize(UelFunctions.java:318)

I did not notice any other effect, so the fix only cleans the log.

It's actually an issue in ListParty grid with this line:

<set field="userLoginSize" value="${util:size(logins)}" type="Integer"/>

This fixes it by replacing by

<set field="userLoginSize" value="${groovy:logins.size()}"/>

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1867038"

------------------------------------------------------------------------

r1867038 | jleroux | 2019-09-17 08:32:20 +0200 (mar. 17 sept. 2019) | 11 lignes

Documented:

Got this error with Eclipse Asciidoctor editor plugin

>> rendering:-273312131_hidden-editorfile_developer-manual.adoc

asciidoctor: WARNING: C:/projectsASF/ofbiz/framework/minilang/docs/asciidoc/minilang-to-groovy-manual.adoc: line 473: unterminated listing block

asciidoctor: WARNING: C:/projectsASF/ofbiz/framework/minilang/docs/asciidoc/minilang-to-groovy-manual.adoc: line 511: unterminated listing block

This fixes it

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1866986"

------------------------------------------------------------------------

r1866986 | jleroux | 2019-09-16 10:20:46 +0200 (lun. 16 sept. 2019) | 4 lignes

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

Fixes a typo which was crashing webtools/control/LogView

------------------------------------------------------------------------

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

Copy manually all files from trunk because of weird conflicts

"Applied fix from trunk for revision: 1866920"

------------------------------------------------------------------------

r1866920 | jleroux | 2019-09-14 10:19:18 +0200 (sam. 14 sept. 2019) | 18 lignes

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

These are not really path traversal issues.

We can't solve them using the traditional way to fix path traversal issues

(ie normalising path). Because Fetchlogs and ViewFile are actually reading

files and if you have the right to read these files then nothing will prevent

you to read them.

The problem is more what those requests are supposed to do.

Fetchlogs is supposed to read a log in the log dir

and ViewFile is supposed to read a file containing labels

(ie either an XML or Properties file).

So the solution is to allow these requests to only do what they are supposed to

do. This is what is done in ViewFile and FetLogs Groovy files.

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1866890"

------------------------------------------------------------------------

r1866890 | jleroux | 2019-09-13 12:15:03 +0200 (ven. 13 sept. 2019) | 8 lignes

Improved: FindArInvoices request needs performance improvement regarding use of

EntityListIterator::hasNext method

(OFBIZ-11198)

FindAPInvoices request does not suffer from this issue nor findInvoice request.

This was due to <screen name="FindArInvoices"> definition

Using something similar than <screen name="FindApInvoices"> fixes the issue

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1866834"

------------------------------------------------------------------------

r1866834 | jleroux | 2019-09-12 09:49:41 +0200 (jeu. 12 sept. 2019) | 8 lignes

Improved: Improve ObjectInputStream class

(OFBIZ-10837)

Allows users to easily override the list of accepted objects by using the

listOfSafeObjectsForInputStream property

CVE-2019-0189

------------------------------------------------------------------------

"Applied fix from trunk for revision: 1865852"

------------------------------------------------------------------------

r1865852 | pawan | 2019-08-24 16:28:57 +0200 (sam. 24 août 2019) | 8 lignes

Fixed: Issue of unable to view a PartyContent on view profile page of a party

(OFBIZ-11038)

When click on view button img request will be hit along with contentName and imgId as a parameter. This request invokes serveImage event(DataEvents.java) which is deprecated now.

Instead of img request we can call stream request with contentId as a parameter that invokes serveObjectData event.

This will work as per the value of content-disposition-type (requestHandler.properties) i.e. attachement or inline

Thanks: Devanshu Vyas for reporting the issue and Humera Khan for the patch and Prachi Shastri for testing of the bug.

------------------------------------------------------------------------