Clone Tools
  • last updated 29 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: Removed unused imports from Java files for fixing checkstyle errors (OFBIZ-11930)

Fixes few javadoc issues

Since this has been ignored for few commits I need to increase

tasks.checkstyleMain.maxErrors from 12224 to 12247 (did not check the detail)

  1. … 5 more files in changeset.
Improved: Removed unused imports from Java files for fixinf checkstyle errors

(OFBIZ-11930)

Thanks: Priya Sharma

  1. … 6 more files in changeset.
Improved: Corrected all redundant modifiers occurences in framework component. Also, fixed some other checkstyle line formatting and spacing issues. (OFBIZ-11925)

  1. … 45 more files in changeset.
Fixed: Server-Side Template Injection using Static (OFBIZ-11871)

Thanks to Alvaro's explanations, the problem was in MacroFormRenderer where, for

lookups, we retrieve _LAST_VIEW_NAME_ as a parameter without encoding it.

I have added getEncodedParameter method in UtilHttp and removed now useless

(after OFBIZ-11907) getEnvironment from MacroFormRenderer.java

Thanks: Alvaro for advice

  1. … 1 more file in changeset.
Improved: Corrected some line is longer than 150 characters checkstyle issues in framework component. Also fixed some extra spaces and naming conventions related checkstyle issues. (OFBIZ-11921)

  1. … 104 more files in changeset.
Improved: Update build.gradle to the latest dependencies (OFBIZ-11603)

Fixes some new warnings coming from JUnit 4.13, a step ahead to JUnit 5.

I left 2 complicated ExpectedException warnings. Change will be needed for JUnit 5.

https://www.luxoft-training.com/news/migrating-from-junit-4-to-junit-5-replacing-rules-with-the-extension-model-part-1/

  1. … 7 more files in changeset.
Improved: Corrected all incorrect indentation level issues in framework component, also fixed some case indentation checkstyle issues. (OFBIZ-11922)

  1. … 60 more files in changeset.
Fixed: with "replaces module by MODULE everywhere" I put in a JavaDoc bug.

This fixes it and clarifies things by using className instead of module in code

when used as a var not as the MODULE const.

Improved: Updated case indentation to 0 for all switch statements in framework component. Also done formatting changes as per checkstyle best practices. (OFBIZ-11904)

  1. … 52 more files in changeset.
Improved: Corrected some single line statements to fix checkstyle issues, also removed some remaining extra spaces from code to avoid checkstyle erros in framework component. (OFBIZ-11886)

  1. … 154 more files in changeset.
Improved: Corrected all checkstyle formatting issues: 'typecast' is not followed by whitespace in framework component. (OFBIZ-11887)

  1. … 73 more files in changeset.
Improved: Corrected all checkstyle formatting issues: Line has trailing spaces in framework component. (OFBIZ-11880) Thanks Jacques for review.

  1. … 84 more files in changeset.
Improved: Corrected checkstyle formatting issues, 'is preceded/not preceded with whitespace' for framework component. (OFBIZ-11874) This fixes following checkstyle issues: '{' is not preceded with whitespace. '{' is not followed by whitespace. '}' is not followed by whitespace. '}' is not preceded with whitespace. 'typecast' is not followed by whitespace. 'try' is not followed by whitespace. ';' is preceded with whitespace.

  1. … 146 more files in changeset.
Improved: Corrected all checkstyle issues related to succeeding space for comma in framework directory. (OFBIZ-11805) Thanks Jacques and Ritesh Kumar for review.

  1. … 29 more files in changeset.
Improved: Corrected remaining ', is not followed by whitespace' checkstyle errors in framework component. (OFBIZ-11805)

  1. … 12 more files in changeset.
Improved: Corrected all 'if is not followed by whitespace' checkstyle errors. Also corrected few ', is not followed by whitespace' checkstyle errors in framework component. (OFBIZ-11805) Thanks Jacques Le Roux and Ritesh Kumar for review.

  1. … 27 more files in changeset.
Improved: Replace Collection.sort() with List.sort().(OFBIZ-11830)

  1. … 12 more files in changeset.
Improved: Replace explicit type argument with diamond operator(OFBIZ-11828)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

  1. … 19 more files in changeset.
Improved: Replace anonymous types with lambda expressions(OFBIZ-11833)

  1. … 5 more files in changeset.
Improved: Replace try-finally with try with resources(OFBIZ-11826)

Set checkstyleMain.maxErrors to 26678 (-4)

Thanks: Jacques for the review.

  1. … 2 more files in changeset.
Improved: Replace single method call lambda with method reference(OFBIZ-11835)

Thanks: Jacques for the review.

  1. … 4 more files in changeset.
Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)

This was reported by SpotBugs in Eclipse to prevent a possible NPE.

It seems to me that it's more complex than that because of the

PolicyFactory::sanitize methods signatures where @Nullable annotation is

used. So the SpotBugs warning remains, anyway can't hurt.

BTW found 92 issues reported by SpotBugs in Eclipse, among them 33 are "scary"

I had to add 1 to tasks.checkstyleMain.maxErrors because of

https://github.com/apache/ofbiz-framework/pull/203 that I pulled after the push

was rejected by the pre-push local Git hook

  1. … 1 more file in changeset.
Fixed: Double encoded urls are not being decoded (OFBIZ-11822)

This was broken by OFBIZ-10275

Thanks: Alex Bodnaru

Improved: Enforce noninstantiability to GroovyUtil Class. (#180)

(OFBIZ-11778)

Made class as final, moved default constructor and renamed private data members as per naming convention best practices.

Improved: Made MODULE as private data member of class instead of public in all framework components. (OFBIZ-11739) This will reduce checkstlye issues. Thanks Jacques for review.

  1. … 386 more files in changeset.
Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714)

In OFBIZ-10539, We missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and attaching a patch for the same.

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Better style with line not too long

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Previous code compiled but SAFER_RESOLVER is not a class but a field, better KISS

Improved: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Some people may want to use another TemplateClassResolver than SAFER_RESOLVER

This creates a new templateClassResolver security property and uses it in

FreeMarkerWorker::makeConfiguration by default

  1. … 1 more file in changeset.
Fixed: Prevent FreeMarker Template Injection (SSTI)

(OFBIZ-11709)

Since Freemarker 2.3.17 a known solution to these issues is to register a

TemplateClassResolver in Freemarker configuration in order to limit which

TemplateModels can be instantiated in the templates. The predefined resolver

SAFER_RESOLVER doesn't allow to instantiate the Execute class[4].

So the solution is to add the line

newConfig.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);

in FreeMarkerWorker.java