ofbiz

Documented:

Got this error with Eclipse Asciidoctor editor plugin

>> rendering:-273312131_hidden-editorfile_developer-manual.adoc

asciidoctor: WARNING: C:/projectsASF/ofbiz/framework/minilang/docs/asciidoc/minilang-to-groovy-manual.adoc: line 473: unterminated listing block

asciidoctor: WARNING: C:/projectsASF/ofbiz/framework/minilang/docs/asciidoc/minilang-to-groovy-manual.adoc: line 511: unterminated listing block

This fixes it

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

Fixes a typo which was crashing webtools/control/LogView

Fixed: Fix Default or Empty Catch block in Java and Groovy files

(OFBIZ-8341)

In many Java and Groovy files we have auto generated catch blocks or empty catch

blocks.

To avoid such exception swallowing this should be improved to at least log the

error and also return error in case of service.

Missed this one in last commit

Improved: Use spaces instead of tabs in “common.gradle”

Thanks: Samuel Trégouët for your contribution

Improved: Don't exclude properties and labels file from the Jar

(OFBIZ-11161)

In order to have an independent deployable jar, we need to include the

properties and labels inside the jar.

The properties and labels file was previously excluded from the jar

because it was not possible to replace the compile time values by

invalidating OFBiz caches which is convenient when developing

OFBiz. It was then necessary to reconstruct the jar and restart

OFBiz (See OFBIZ-8321 for more details).

With the recent improvement from revision 1865719 allowing to run OFBiz

without building a jar, it is now possible to enable this cache

invalidation by running both ‘gradle run’ in one shell and ‘gradlew

--continuous classes’ in a separate shell. Doing so makes the

combination of editing the label files and clearing the caches use

the new value defined in the source file.

Fixed: Fix Default or Empty Catch block in Java and Groovy files

(OFBIZ-)

In many Java and Groovy files we have auto generated catch blocks or empty catch

blocks.

To avoid such exception swallowing this should be improved to at least log the

error and also return error in case of service.

Last ones :)

Fixed: Fix Default or Empty Catch block in Java and Groovy files

(OFBIZ-)

In many Java and Groovy files we have auto generated catch blocks or empty catch

blocks.

To avoid such exception swallowing this should be improved to at least log the

error and also return error in case of service.

Here we use 3 try-with-resources blocks and log some errors

Fixed: Fix Default or Empty Catch block in Java and Groovy files

(OFBIZ-)

In many Java and Groovy files we have auto generated catch blocks or empty catch

blocks.

To avoid such exception swallowing this should be improved to at least log the

error and also return error in case of service.

Here we use a try-with-resources block and log some errors

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

Adds a link to OWASP documentation

Improved: Refactor boolean returns from methods

(OFBIZ-10725)

Stumbled upon it by chance, a last one

Improved: Refactor boolean returns from methods

(OFBIZ-10725)

Reverts mistakes made in previous commit

Improved: Refactor boolean returns from methods

(OFBIZ-10725)

Stumbled upon it by chance, here are few changes

Improved: no functional change

In my previous commit I forgot I used FileUtil::normalizePath (old name

of now normalizeFilePath) in FileUtil::getFile. This is useless, and reverted

here

Improved: no functional change

While working on OFBIZ-11196, I renamed the normalizePath() method in FileUtil

class to createFileWithNormalizedPath() and added the normalizeFilePath()

method which deals only with String (in -> out), could be useful later...

Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile

(OFBIZ-11196)

These are not really path traversal issues.

We can't solve them using the traditional way to fix path traversal issues

(i.e. normalising path), because FetchLogs and ViewFile are actually reading

files and if you have the right to read these files then nothing will prevent

you from reading them.

The problem is more what those requests are supposed to do.

FetchLogs is supposed to read a log in the log dir

and ViewFile is supposed to read a file containing labels

(i.e. either an XML or Properties file).

So the solution is to allow these requests to only do what they are supposed to

do. This is what is done in ViewFile and FetchLogs Groovy files.
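
The approach this commit message describes, as an added Java example (not OFBiz's own code): each request accepts only the kind of file it exists to serve. The class and method names are hypothetical, the label check is reduced to the file extension, and the sample files are constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Locale;

// Hypothetical helper class, not part of OFBiz.
public class FileRequestGuards {

    // Log viewer: the request must name a regular file located inside the log directory.
    static boolean isAllowedLogFile(Path logDir, String requested) throws IOException {
        Path base = logDir.toRealPath();
        try {
            Path candidate = base.resolve(requested).normalize();
            // toRealPath() follows symlinks, so a link inside logDir pointing elsewhere is rejected too.
            return Files.isRegularFile(candidate) && candidate.toRealPath().startsWith(base);
        } catch (InvalidPathException e) {
            return false; // the string is not a usable path on this platform
        }
    }

    // Label viewer: only XML or properties files are displayed.
    static boolean isAllowedLabelFile(String requested) {
        String name = requested.toLowerCase(Locale.ROOT);
        return name.endsWith(".xml") || name.endsWith(".properties");
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/logs/ofbiz.log and <tmp>/secret.txt
        Path root = Files.createTempDirectory("guard-demo");
        Path logs = Files.createDirectory(root.resolve("logs"));
        Files.write(logs.resolve("ofbiz.log"), "sample\n".getBytes());
        Files.write(root.resolve("secret.txt"), "x".getBytes());
        for (String req : new String[] {"ofbiz.log", "../secret.txt", root.resolve("secret.txt").toString()}) {
            System.out.println("log   " + req + " -> " + isAllowedLogFile(logs, req));
        }
        for (String req : new String[] {"CommonUiLabels.xml", "general.properties", "ofbiz.log"}) {
            System.out.println("label " + req + " -> " + isAllowedLabelFile(req));
        }
    }
}
```

Only the first log request and the first two label requests are accepted; the relative and absolute paths to `secret.txt` resolve outside the log directory, and `ofbiz.log` is not a label file.
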

Improved: FindArInvoices request needs performance improvement regarding use of

EntityListIterator::hasNext method

(OFBIZ-11198)

FindAPInvoices request does not suffer from this issue nor findInvoice request.

This was due to <screen name="FindArInvoices"> definition

Using something similar to <screen name="FindApInvoices"> fixes the issue

Improved: Unknown request [d.png]; this request does not exist or cannot be

called directly.

(OFBIZ-11199)

I suppose this issue is similar to OFBIZ-11152. So I'm handling it the same.

It's not an end to the underlying issue but at least it can reassure the user about

things being handled...

Improved: Improve ObjectInputStream class

(OFBIZ-10837)

Allows users to easily override the list of accepted objects by using the

listOfSafeObjectsForInputStream property

CVE-2019-0189

Improved: Remove redundant type declarations

Improved: no functional change

Removes duplicated label

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

Adds a link to OFBIZ-11187

Improved: Refactoring permission model call

(OFBIZ-7113)

As mentioned by Mathieu on the dev ML, use a boolean rather than a token for

"require-new-transaction" and "return-error-on-failure"

Also some formatting while at it.

Implemented: Convert Picklist related CRUD services from simple to entity-auto

(OFBIZ-10636)

services converted:

* createPicklist

* updatePicklist

* deletePicklist

* createPicklistBin

* deletePicklistBin

* createPicklistItem

* updatePicklistItem

* updatePicklistItem

* deletePicklistItem

* createPicklistRole

* deletePicklistRole

Entity Picklist received two new fields, createdDate and lastModifiedDate,

that are needed to support automatic setting of createdByUserLogin natively

by the entity auto engine

Thanks to Pallavi Goyal for this issue and Suraj Khurana for the reminder.

Improved: Manage itemStatusId and oldItemStatusId on entity-auto engine

(OFBIZ-11183)

Currently the entity auto engine manages the status change operation on an Entity

during an update, by analysing the field statusId as the new status and comparing it with the current

value through the StatusValidChange system. If the change is validated, the previous status

is returned in the oldStatusId service parameter.

Service definition example:

<service name="updateRequirement" default-entity-name="Requirement" engine="entity-auto" invoke="update" auth="true">
    <description>Update an existing requirement</description>
    <auto-attributes include="pk" mode="IN" optional="false"/>
    <auto-attributes include="nonpk" mode="IN" optional="true"/>
    <attribute name="oldStatusId" type="String" mode="OUT" optional="true"/>
</service>

I extend this process to another standard status field: itemStatusId and oldItemStatusId, often present on item elements

<service name="updatePicklistItem" default-entity-name="PicklistItem" engine="entity-auto" invoke="update" auth="true">
    <description>Update PicklistItem</description>
    <auto-attributes include="pk" mode="IN" optional="false"/>
    <auto-attributes include="nonpk" mode="IN" optional="true"/>
    <attribute name="oldItemStatusId" type="String" mode="OUT" optional="true"/>
</service>

To realize this, I convert all calls on the raw statusId and oldStatusId names to a dynamic field name resolution.

This way the logic for statusId or itemStatusId is exactly the same

Improved: PicklistStatusHistory doesn't follow history entity status pattern

(OFBIZ-11182)

The entity PicklistStatusHistory records each status change realized on a picklist.

It can't be converted to entity-auto easily because PicklistStatusHistory's field pattern

doesn't follow the same pattern as entities like ShipmentStatus and PartyStatus.

To solve this issue, I deprecate PicklistStatusHistory and move it to OldPicklistStatusHistory

and replace it by the new entity PicklistStatus that can be used natively with entity-auto.

I added a new migration service migrateOldPicklistStatusHistoryToPickListStatus to forward all

picklist status history to the new entity.

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

Fixes a typo

Improved: Document how to store the JWT secret key

(OFBIZ-10751)

As discussed in dev ML at https://markmail.org/message/dtjnu7fdi5noeagk and

previously in OFBIZ-9833 & OFBIZ-10307 we want to document how to store the

JWT secret key.

We agreed about keeping it as a property OOTB; and giving a link from the

security properties file to suggest how to better do it in production.

Fixed: Any ecommerce user has the ability to reset another's password

(including admin) via "Forget Your Password"

(OFBIZ-4361)

Adds the security.token.key value and changes the login.secret_key_string value

The security.token.key value is not mandatory for the "Forget Your Password"

feature but then only the username and password are used to create the JWT key.

Adds a reference for both properties to the

"Passwords and JWT (JSON Web Tokens) usage"

documentation to suggest users to choose the way to store these keys

Fix parenthesis syntax error in groovy

(OFBIZ-11186)

Thanks Samuel Trégouët for your contribution

Improved: Get correct information history for Company Header in pdf document

(OFBIZ-11177)

CompanyHeader.groovy now uses the rendered document date

as a reference to retrieve company data.

Thanks Carl Demus for your contribution