From jler...@apache.org
Subject [ofbiz-framework] branch trunk updated: Fixed: "entity/list" request is not handled well
Date Sun, 12 Apr 2020 11:17:23 GMT
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new e487122  Fixed: "entity/list" request is not handled well
e487122 is described below

commit e4871226249b7c5dcb51931b81bf5cdb79d7810f
Author: Jacques Le Roux <jacques.le.roux@les7arts.com>
AuthorDate: Sun Apr 12 13:17:37 2020 +0200

    Fixed: "entity/list" request is not handled well
    
    (OFBIZ-11593)
    
    The "entity/list" request has been put in with OFBIZ-11007. It's used to call
    the entitymaint view and so is a demo/didactic duplicate of entitymaint request.
    It's only used in FindGeneric screen (look for WebtoolsBackToEntityList label).
    It's problematic because since the CSRF token defense was put in you can no
    longer filter the entities from the entities list screen, even when the default
    NoCsrfDefenseStrategy is used. It works if you use the entitymaint request
    instead.
    
    Anyway, 2020-01-19 I proposed in OFBIZ-11306 a solution for such cases.
    It was not used because 2020-02-14 I thought it was no longer needed,
    but it's necessary for this case, and maybe others not already detected.
    
    Here is its implementation (trunk only)
---
 .../apache/ofbiz/webapp/control/RequestHandler.java   | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index af8f3fa..6e2a1c4 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -43,6 +43,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.MultivaluedHashMap;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.ofbiz.base.location.FlexibleLocation;
 import org.apache.ofbiz.base.util.Debug;
@@ -146,7 +147,7 @@ public class RequestHandler {
             String overrideViewUri = getOverrideViewUri(path);
             if (requestMapMap.containsKey(requestUri)
                     // Ensure that overridden view exists.
-                    && (overrideViewUri == null || viewMapMap.containsKey(overrideViewUri)

+                    && (overrideViewUri == null || viewMapMap.containsKey(overrideViewUri)
                     || ("SOAPService".equals(requestUri) && "wsdl".equalsIgnoreCase(req.getQueryString())))){
                 rmaps = requestMapMap.get(requestUri);
                 req.setAttribute("overriddenView", overrideViewUri);
@@ -495,7 +496,7 @@ public class RequestHandler {
                                         
                     if (requestMap.event.metrics != null) {
                         requestMap.event.metrics.recordServiceRate(1, System.currentTimeMillis() - startTime);
-                    }                    
+                    }
 
                     // save the server hit for the request event
                     if (this.trackStats(request)) {
@@ -832,7 +833,11 @@ public class RequestHandler {
         if (pathInfo.get(0).indexOf('?') > -1) {
             return pathInfo.get(0).substring(0, pathInfo.get(0).indexOf('?'));
         } else {
-            return pathInfo.get(0);
+            if (1 < StringUtils.countMatches(path, "/")) {
+                return pathInfo.get(0) + "/" + pathInfo.get(1);
+            } else {
+                return pathInfo.get(0);
+            }
         }
     }
 
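Review bot: In the new `else` branch, `pathInfo.get(1)` is guarded by counting `/` characters in the raw `path` rather than by the size of `pathInfo`, so the two can disagree: a path with a trailing or doubled slash may pass the count while `pathInfo` holds a single element, and the call would then throw (how `pathInfo` is built is outside the hunk, so this is inferred). Guarding on the list itself, `if (pathInfo.size() > 1) {`, removes that mismatch. A wider concern is that every two-segment path now yields `first/second` as the request URI, while the lookup in the hunk at line 147 checks `requestMapMap.containsKey(requestUri)` and treats the second segment as `overrideViewUri`. The request map presumably also carries the per-request security settings, so a `request/view` path should fall back to the first segment unless the joined form names a configured request. A comment stating which paths are expected to return two segments would help; the method begins outside the hunk.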
@@ -865,7 +870,7 @@ public class RequestHandler {
             statusCode = Integer.valueOf(statusCodeString);
         } catch (NumberFormatException e) {
             statusCode = 303;
-        } 
+        }
         while (attributeNameEnum.hasMoreElements()) {
             String name = attributeNameEnum.nextElement();
             Object obj = req.getAttribute(name);
@@ -885,7 +890,7 @@ public class RequestHandler {
         }
 
         // send the redirect
-        try {            
+        try {
             resp.setStatus(statusCode);
             resp.setHeader("Location", url);
             resp.setHeader("Connection", "close");
@@ -1219,7 +1224,7 @@ public class RequestHandler {
         Collection<ConfigXMLReader.Event> get() throws WebAppConfigurationException;
     }
 
-    private void runEvents(HttpServletRequest req, HttpServletResponse res, 
+    private void runEvents(HttpServletRequest req, HttpServletResponse res,
             EventCollectionProducer prod, String trigger) {
         try {
             for (ConfigXMLReader.Event event: prod.get()) {
@@ -1312,7 +1317,7 @@ public class RequestHandler {
         Delegator delegator = (Delegator) request.getAttribute("delegator");
         boolean showSessionIdInLog = EntityUtilProperties.propertyValueEqualsIgnoreCase("requestHandler", "show-sessionId-in-log", "Y", delegator);
         if (showSessionIdInLog) {
-            return " sessionId=" + UtilHttp.getSessionId(request); 
+            return " sessionId=" + UtilHttp.getSessionId(request);
         }
         return " Hidden sessionId by default.";
     }

