[ https://issues.apache.org/jira/browse/OFBIZ-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adrian Crum closed OFBIZ-4688.
------------------------------
Resolution: Won't Fix
Fix Version/s: SVN trunk
Olivier,
I am closing this issue because it opens a security hole. This change would allow users to
introduce malicious scripts.
I would recommend using a service call instead.
Thank you for your effort.
> For script tag in action section in Screen (and form) use a FlexibleStringExpander for
scriptLocation and correctly manage minilang script context
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-4688
> URL: https://issues.apache.org/jira/browse/OFBIZ-4688
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Olivier Heintz
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: OFBIZ-4688-without_TypeValue.patch, OFBIZ-4688-without_TypeValue_V2.patch,
OFBIZ-4688-without_TypeValue_V3.patch, OFBIZ-4688-without_TypeValue_V4.patch, OFBIZ-4688.patch
>
>
> FlexibleStringExpander to be able to have script name depending from context.
> Minilang script are Useful to migrated some action (too large) as a minilang script
> Be carreful, this patch contain patch from JIRA-4687, if necessary I can submit a new
patch without it
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
|