ofbiz-commits mailing list archives

From jler...@apache.org
Subject [ofbiz-framework] branch trunk updated (8ee522e -> ba548f6)
Date Sat, 04 Apr 2020 15:59:20 GMT
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.


    from 8ee522e  Improved: Decodes AjaxAutocompleteOptions return value
     add c344918  Improved: Implemented: Documented: Completed: Reverted: Fixed: Improved:
no functional change (OFBIZ-) Explanation Thanks:
     add 6395aff  Improved: Remove createTopic service (unused) (OFBIZ-11376)
     add c45ed25  Improved: Defects reported by code analysis tool. (OFBIZ-10571)
     add 19c31f1  Documented: revert remove docbook help files for accounting (OFBIZ-11420)
     add 0a0ad09  Documented: revert remove docbook help files for commonext-SETUP (OFBIZ-11420)
     add beac466  Documented: revert remove docbook help files for content (OFBIZ-11420)
     add e9a0d11  Documented: revert remove docbook help files for humanres (OFBIZ-11420)
     add 39cc830  Fixed: Picklist is in Input status even after order is completed. (OFBIZ-10883)
     add 2f7e675  Fixed: hr-glossary.adoc: line 22: id assigned to block already in use: ANNUAL_REVENUE
     add 11b8d98  Improved: Put the TOCs on left in generated AsciiDoc documentation (OFBIZ-11423)
Following discussions
     add b770f91  Improved: Use FlexibleStringExpander in form widget lookup field field target
parameters
     add 59f65f3  Documented: Documented use of field attribute parameter-name and lookup
field attribute target-parameter in widget-form.xsd
     add 09b4225  Fixed: Fixed line lengths in ModelFormFieldTest to adhere to coding standards
     add c7f7774  Improved: Remove unused labels from ProductUiLabels.xml
     add 6c9bdb9  Improved: UI labels
     add f5f2d45  Improved: Cleanup HumanRes labels
     add 5cf41f2  Improved: Set checkstyle to use LF line endings
     add 8d1b3f4  Improved: Convert PartyInvitationService.xml from minilang to groovy (OFBIZ-11360)
     add 9f9454e  Fixed: Code refactoring to support groovy syntax (OFBIZ-10231)
     add 2dc7328  Improved: Removes getSubContentWithPermCheck and getSubSubContentWithPermCheck
unused services (OFBIZ-11393)(OFBIZ-11394)
     add ca17e2f  Improved: Add 2020 version of Incoterms
     add 21d568e  Fixed: Convert ProductServices.xml mini lang to groovy Improved: no functional
change (OFBIZ-10231)
     add 793cf20  Fixed: Refactoring permission model call, alone permission service failed
(OFBIZ-11440)
     add cab72ef  Improved: Convert party/LookupServices.xml mini-lang to groovyDSL (OFBIZ-11362)
     add 145f53e  Improved: Convert ProductServices.xml mini lang to groovy (OFBIZ-10231)
     add 5d3f85d  Fixed: Convert ProductServices.xml mini lang to groovy: productPriceGenericPermission
failed (OFBIZ-10231)
     add f98ed9e  Fixed: createMissingCategoryAndProductAltUrls service misses a transaction
(OFBIZ-11441)
     add 312d153  Improved: Convert ProductFeatureServices.xml mini lang to groovy (OFBIZ-11439)
     add 054e66c  Improved: Convert createTextAndUploadedContent service from mini-lang to
groovy DSL (OFBIZ-11368)
     add 36f9e77  Improved: Convert OrderServices.xml mini-lang to groovyDSL : getNextOrderId
     add b999e59  Improved: Convert OrderServices.xml mini-lang to groovyDSL : getOrderedSummaryInformation
     add f951f8d  Fixed: Convert OrderServices.xml mini-lang to groovyDSL : getNextOrderId
     add e586da6  Improved: Upgrade Freemarker from 2.3.29 to 2.3.30.
     add 0c2a7ee  Improved: Convert ProductContentServices.xml mini lang to groovy (OFBIZ-11436)
     add 7f10602  Improved: Convert CommonServices.xml from mini lang to groovy (OFBIZ-11402)
     add fe4f9cf  Improved: Convert PartyServices.xml from mini lang to groovy (OFBIZ-11361)
     add d0f5a83  Fixed: Potential Nullpointer in ErrorPage.ftl
     add 0da3899  Improved: Remove unused ‘UtilHttp#checkURLforSpiders’ (OFBIZ-11138)
     add d390752  Implemented: Remove the user login security question.
     add 92d5ad0  Improved: no functional change
     add 54a429e  Implemented: _WARNING_MESSAGE_
     add 89333df  Fixed: Fixed a bug introduced with the removal of the  login security question.
     add 7fe20b4  Improved: Styles some clickable fields of backend tables as buttons.
     add a769aaf  Improved: Ensure MacroFormRenderer uses ModelFormField#getCurrentContainerId
rather than ModelFormField#getIdName to ensure any FlexibleStringExpander expression defined
in the field's id-name property is processed before rendering into the container FTL macro.
     add 062fc40  Fixed: CommonTheme has a dependency on Flatgrey application.js
     add d65b011  Fixed: Unable to view entity row record in webtools if PK contains timestamp
field (OFBIZ-11426)
     add b824d45  Fixed: Propagate the theme in DataResourceWorker.renderDataResourceAsText()
Improved: no functional change
     add f3bd6a1  Improved: no functional change
     add 7240b26  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
     add 3a5a657  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
     add ef8546b  Improved: POC for CSRF Token
     add 019b588  Improved: POC for CSRF Token
     new 6c49411  Improved: "auth" should be true for all the request url used for Application
components
     new 866c742  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
     new 11c75b6  Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
     new 87277ab  Improved: Added unit testing, using JMockit, to ensure that form macros
are rendered using ids from ModelFormField#getCurrentContainerId.
     new 1fbf6c3  Improved: Added license header to MacroFormRendererTest
     new d1ca68c  Improved: Added unit testing, using JMockit, to ensure that form macros
are rendered using ids from ModelFormField#getCurrentContainerId.
     new c68d43e  Improved: Added unit testing, using JMockit, to ensure that form macros
are rendered using ids from ModelFormField#getCurrentContainerId.
     new 43f4639  Improved: Added unit testing, using JMockit, to ensure that form macros
are rendered using ids from ModelFormField#getCurrentContainerId.
     new 4d2e5d3  Fixed: Specified key was too long; max key length is 767 bytes for ProductPromoCodeEmail
entity.(OFBIZ-5426) (#44)
     new 48e81c4  Improved: style alignment properties
     new 20cf076  Improved: unify style application
     new 321e516  Improved: unify style application
     new c89e934  Improved: unify style application
     new 6c66ce0  Fixed: DataModel - correct foreign key (#51)
     new 060e9ab  Improved: no functional change
     new f2e6989  Improved: Implement the pretty print for keyword search
     new ae3ae26  Improved: type="text/css" was missing on a call to <<link rel="stylesheet/less>>
     new e666c65  Improved: Improve Web Content Caching
     new c9d516d  Fixed: The createTaskContent request does not work
     new 4594fc4  Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
     new 8fc5028  Fixed: correct path to ftpAddress services (OFBIZ-11359)
     new 37f33f4  Fixed: correct path to ftpAddress services (OFBIZ-11359)
     new 5bc579a  Merges OFBiz trunk
     new 768353a  Improved: Implemented: Documented: Completed: Reverted: Fixed:
     new 645d419  Merge branch 'trunk' into POC-for-CSRF-Token-OFBIZ-11306
     new ba548f6  Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because
of GitHub message on PR56: This branch cannot be rebased due to conflicts

The 26 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../humanres/template/category/CategoryTree.ftl    |  16 +-
 .../category/ftl/CatalogAltUrlSeoTransform.java    |   8 +-
 .../product/category/ftl/UrlRegexpTransform.java   |  13 +-
 .../product/template/category/CategoryTree.ftl     |   2 +-
 .../java/org/apache/ofbiz/common/CommonEvents.java |   3 +-
 .../common/webcommon/WEB-INF/common-controller.xml |   4 +-
 framework/security/config/security.properties      |  22 +-
 .../apache/ofbiz/security/CsrfDefenseStrategy.java |  93 ++++++
 .../java/org/apache/ofbiz/security/CsrfUtil.java   | 358 +++++++++++++++++++++
 .../ofbiz/security/ICsrfDefenseStrategy.java       |  55 ++++
 .../ofbiz/security/NoCsrfDefenseStrategy.java}     |  34 +-
 .../org/apache/ofbiz/security/CsrfUtilTests.java   | 264 +++++++++++++++
 framework/webapp/dtd/site-conf.xsd                 |  14 +
 .../ofbiz/webapp/control/ConfigXMLReader.java      |   3 +
 .../ofbiz/webapp/control/ControlEventListener.java |   3 +
 .../ofbiz/webapp/control/RequestHandler.java       |  33 +-
 .../ofbiz/webapp/ftl/CsrfTokenAjaxTransform.java   |  57 ++--
 .../webapp/ftl/CsrfTokenPairNonAjaxTransform.java  |  56 ++--
 .../ofbiz/webapp/freemarkerTransforms.properties   |   2 +
 .../webtools/groovyScripts/entity/CheckDb.groovy   |   7 +-
 .../webtools/groovyScripts/entity/EntityRef.groovy |   6 +
 framework/webtools/template/entity/CheckDb.ftl     |  28 +-
 .../webtools/template/entity/EntityRefList.ftl     |   9 +-
 framework/webtools/template/entity/ViewGeneric.ftl |   5 +-
 .../webapp/webtools/WEB-INF/controller.xml         |   2 +-
 .../java/org/apache/ofbiz/widget/WidgetWorker.java |  14 +
 .../widget/renderer/macro/MacroFormRenderer.java   |  14 +-
 themes/bluelight/template/Header.ftl               |   6 +-
 .../common-theme/template/includes/ListLocales.ftl |   2 +-
 .../template/macro/CsvFormMacroLibrary.ftl         |   2 +-
 .../template/macro/FoFormMacroLibrary.ftl          |   2 +-
 .../template/macro/HtmlFormMacroLibrary.ftl        |   8 +-
 .../template/macro/TextFormMacroLibrary.ftl        |   2 +-
 .../template/macro/XlsFormMacroLibrary.ftl         |   2 +-
 .../template/macro/XmlFormMacroLibrary.ftl         |   2 +-
 .../webapp/common/js/util/OfbizUtil.js             |  12 +-
 themes/flatgrey/template/Header.ftl                |   6 +-
 themes/rainbowstone/template/includes/Header.ftl   |   4 +
 .../rainbowstone/template/includes/TopAppBar.ftl   |   2 +-
 themes/tomahawk/template/AppBarClose.ftl           |   2 +-
 themes/tomahawk/template/Header.ftl                |   4 +
 41 files changed, 1037 insertions(+), 144 deletions(-)
 create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/CsrfDefenseStrategy.java
 create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
 create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/ICsrfDefenseStrategy.java
 copy framework/{base/src/main/java/org/apache/ofbiz/base/concurrent/ConstantFuture.java =>
security/src/main/java/org/apache/ofbiz/security/NoCsrfDefenseStrategy.java} (62%)
 create mode 100644 framework/security/src/test/java/org/apache/ofbiz/security/CsrfUtilTests.java
 copy applications/product/src/main/java/org/apache/ofbiz/product/category/ftl/OfbizCatalogUrlTransform.java
=> framework/webapp/src/main/java/org/apache/ofbiz/webapp/ftl/CsrfTokenAjaxTransform.java
(61%)
 copy applications/product/src/main/java/org/apache/ofbiz/product/category/ftl/OfbizCatalogUrlTransform.java
=> framework/webapp/src/main/java/org/apache/ofbiz/webapp/ftl/CsrfTokenPairNonAjaxTransform.java
(62%)

