ofbiz-plugins

Improved: replaces module by MODULE everywhere

  1. … 59 more files in changeset.
Fixed: Product Images not rendering on One Page Checkout (OFBIZ-11400)

Thanks: Archana Asthana for the report and Devanshu Vyas for the patch.

    • -2
    • +2
    /ecommerce/template/cart/UpdateCart.ftl
Adds the meta CSRF token for Ajax

Improved: POC for CSRF Token

(OFBIZ-11306)

There is no need to change it in common-controller because, apart from the ecommerce application, there are no applications that require an anonymous flow.

It should be only changed in ecommerce controller.

Improved: fixes a typo due to OFBIZ-11030

Thanks: Pierre Smits for spotting it

Improved: formatting Implemented: Documented: Completed: Reverted: Fixed:

(OFBIZ-)

Explanation

Thanks:

Fixed: Convert DimensionServices.xml minilang to groovy

(OFBIZ-10948)

Now correctly creates the CurrencyDimension using currency.uomId

No need for delegator.setNextSeqId(), looking at (now removed) DimensionServices.xml confused me.

Thanks: Pierre Smits for report

Fixed: prepareProductDimensionData does not load correct fields in ProductDimension (OFBIZ-11465)

Thanks: Pierre Smits for your contribution.

Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

    • -0
    • +9
    /assetmaint/webapp/ismgr/WEB-INF/web.xml
    • -0
    • +9
    /birt/webapp/accounting/WEB-INF/web.xml
    • -0
    • +9
    /example/webapp/example/WEB-INF/web.xml
    • -0
    • +9
    /lucene/webapp/content/WEB-INF/web.xml
    • -0
    • +9
    /myportal/webapp/myportal/WEB-INF/web.xml
  1. … 6 more files in changeset.
Improved: "auth" should be true for all the request url used for Application components

(OFBIZ-4956)

Put back getAssociatedStateList request in ecommerce to auth="false" to allow the anonymous flow

Thanks: Deepak for spotting and reporting the issue (twice, inadvertently I removed the complete file, I have no idea how I did that :/)

    • -0
    • +2008
    /ecommerce/webapp/ecommerce/WEB-INF/controller.xml
Fixed: Convert DimensionServices.xml minilang to groovy

(OFBIZ-10948)

There is a bug with loadCurrencyDimension in DimensionServices.groovy

It shows when running quickInitDataWarehouse.

The problem is this Minilang expression is missing in DimensionServices.groovy:

<sequenced-id sequence-name="CurrencyDimension" field="currencyDim.dimensionId"/>

Adding

delegator.setNextSeqId(currencyDim)

is enough.

Improved: "auth" should be true for all the request url used for Application components

(OFBIZ-4956)

Put back getAssociatedStateList request in ecommerce to auth="false" to allow the anonymous flow

Thanks: Deepak for spotting and reporting the issue

    • -2008
    • +0
    /ecommerce/webapp/ecommerce/WEB-INF/controller.xml
Improved: no functional change

Follows the "How to apply the Apache License to your work" section at

https://www.apache.org/licenses/LICENSE-2.0

Improved: "auth" should be true for all the request url used for Application components

(OFBIZ-4956)

Currently there are some URLs present in application components with auth="false". So anyone can hit these URLs and access these resources without authorization.

I think all the URLs should be secure with auth="true"

Thanks: Amardeep Singh Jhajj for report and initial fix

Implemented: have a license

(OFBIZ-11451)

Fixes missing sections in LICENCE and adds NOTICE

I have also removed the plugins prefix in "URIs" because we are under plugins

Thanks: Jacopo for spotting missing sections

Improved: Convert FactServices.xml minilang to groovy.

(OFBIZ-11030)

Thanks Pierre Smits for reporting and Sebastian Berg for providing the patch.

    • -0
    • +664
    /bi/groovyScripts/FactServices.groovy
Implemented: Remove the user login security question.

(OFBIZ-11244)

Thanks Wiebke Pätzold for providing the patch.

    • -22
    • +1
    /webpos/template/GetSecurityQuestion.ftl
Improved: Added Eclipse bin folder to gitignore.

Implemented: have a license

(OFBIZ-11451)

Merge pull request #7 from priyasharma1/OFBIZ-10948

Improved: Convert DimensionServices.xml minilang to groovy (OFBIZ-10948)

Update: The entity operator as the XML service used these instead of the current ones. - Thanks Jacques for the catch. (OFBIZ-19048)

[Improved] : Converted the Dimension Service to groovy

- Deleted the old mini-lang service file
- Updated the service definitions with the new groovy methods
- Added a new file with the groovy implementation (with minor enhancement) of all the Dimension services

As the services deal with lists, there could be scenarios where the enterprise comprises of several thousand products, and so used the EntityListIterator instead of fetching the entire list.

    • -0
    • +135
    /bi/groovyScripts/DimensionServices.groovy
    • -142
    • +0
    /bi/minilang/DimensionServices.xml
Improved: Added all the service level error messages for missing required field for plugins/ebay component. (OFBIZ-7471)

Thanks Jagpreet for reporting and Anushi Gupta for the patch.

    • -21
    • +142
    /ebay/servicedef/services.xml
Fixed: Unable to remove items from onePageCheckout screen of e-commerce. (OFBIZ-10800)

Thanks Arpit Mor for reporting and Dhaval Wagela for the patch.

    • -2
    • +2
    /ecommerce/template/cart/UpdateCart.ftl
Merge pull request #6 from PierreSmits/OFBIZ-10561

Improved: AssetMaint labels (OFBIZ-10561)

Improvement: Dropdown/facet at Reports under 'Sale Orders By Channel' is not working fine (OFBIZ-10624)

Thanks, Ritesh Kumar and Dikpal Kanungo for your contribution.

Fixed: Billing Information UI getting distorted. (OFBIZ-10980)

Thanks Padmavati Rawat for reporting and Sourabh Punyani for the patch.

Improvement: Print and Export of ViewFacilityInventoryByProduct report into new window (OFBIZ-10526)

Thanks, Sourabh Punyani and Pierre Smits for your contribution.

    • -2
    • +2
    /assetmaint/widget/FacilityScreens.xml
    • -4
    • +4
    /birt/widget/facility/FacilityScreens.xml
Fixed: replaceFirst sensible to variable pattern (OFBIZ-11396)

When using variable pattern with replaceFirst you may cross issues if the pattern contains specific tokens. For instance on Windows with the path "C:\projectsASF\Git\ofbiz-framework/" you have inside the token "\p" which has a special meaning.

Improvement: Quantity and Add to Cart button showing twice on Compare Products page (OFBIZ-10665)

Thanks, Ritesh Kumar and Dikpal Kanungo for your contribution.

    • -39
    • +0
    /ecommerce/template/order/CompareProducts.ftl