This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.
from 8ee522e Improved: Decodes AjaxAutocompleteOptions return value
add c344918 Improved: Implemented: Documented: Completed: Reverted: Fixed: Improved: no functional change (OFBIZ-) Explanation Thanks:
add 6395aff Improved: Remove createTopic service (unused) (OFBIZ-11376)
add c45ed25 Improved: Defects reported by code analysis tool. (OFBIZ-10571)
add 19c31f1 Documented: revert remove docbook help files for accounting (OFBIZ-11420)
add 0a0ad09 Documented: revert remove docbook help files for commonext-SETUP (OFBIZ-11420)
add beac466 Documented: revert remove docbook help files for content (OFBIZ-11420)
add e9a0d11 Documented: revert remove docbook help files for humanres (OFBIZ-11420)
add 39cc830 Fixed: Picklist is in Input status even after order is completed. (OFBIZ-10883)
add 2f7e675 Fixed: hr-glossary.adoc: line 22: id assigned to block already in use: ANNUAL_REVENUE
add 11b8d98 Improved: Put the TOCs on left in generated AsciiDoc documentation (OFBIZ-11423) Following discussions
add b770f91 Improved: Use FlexibleStringExpander in form widget lookup field field target parameters
add 59f65f3 Documented: Documented use of field attribute parameter-name and lookup field attribute target-parameter in widget-form.xsd
add 09b4225 Fixed: Fixed line lengths in ModelFormFieldTest to adhere to coding standards
add c7f7774 Improved: Remove unused labels from ProductUiLabels.xml
add 6c9bdb9 Improved: UI labels
add f5f2d45 Improved: Cleanup HumanRes labels
add 5cf41f2 Improved: Set checkstyle to use LF line endings
add 8d1b3f4 Improved: Convert PartyInvitationService.xml from minilang to groovy (OFBIZ-11360)
add 9f9454e Fixed: Code refactoring to support groovy syntax (OFBIZ-10231)
add 2dc7328 Improved: Removes getSubContentWithPermCheck and getSubSubContentWithPermCheck unused services (OFBIZ-11393)(OFBIZ-11394)
add ca17e2f Improved: Add 2020 version of Incoterms
add 21d568e Fixed: Convert ProductServices.xml mini lang to groovy Improved: no functional change (OFBIZ-10231)
add 793cf20 Fixed: Refactoring permission model call, alone permission service failed (OFBIZ-11440)
add cab72ef Improved: Convert party/LookupServices.xml mini-lang to groovyDSL (OFBIZ-11362)
add 145f53e Improved: Convert ProductServices.xml mini lang to groovy (OFBIZ-10231)
add 5d3f85d Fixed: Convert ProductServices.xml mini lang to groovy: productPriceGenericPermission failed (OFBIZ-10231)
add f98ed9e Fixed: createMissingCategoryAndProductAltUrls service misses a transaction (OFBIZ-11441)
add 312d153 Improved: Convert ProductFeatureServices.xml mini lang to groovy (OFBIZ-11439)
add 054e66c Improved: Convert createTextAndUploadedContent service from mini-lang to groovy DSL (OFBIZ-11368)
add 36f9e77 Improved: Convert OrderServices.xml mini-lang to groovyDSL : getNextOrderId
add b999e59 Improved: Convert OrderServices.xml mini-lang to groovyDSL : getOrderedSummaryInformation
add f951f8d Fixed: Convert OrderServices.xml mini-lang to groovyDSL : getNextOrderId
add e586da6 Improved: Upgrade Freemarker from 2.3.29 to 2.3.30.
add 0c2a7ee Improved: Convert ProductContentServices.xml mini lang to groovy (OFBIZ-11436)
add 7f10602 Improved: Convert CommonServices.xml from mini lang to groovy (OFBIZ-11402)
add fe4f9cf Improved: Convert PartyServices.xml from mini lang to groovy (OFBIZ-11361)
add d0f5a83 Fixed: Potential Nullpointer in ErrorPage.ftl
add 0da3899 Improved: Remove unused ‘UtilHttp#checkURLforSpiders’ (OFBIZ-11138)
add d390752 Implemented: Remove the user login security question.
add 92d5ad0 Improved: no functional change
add 54a429e Implemented: _WARNING_MESSAGE_
add 89333df Fixed: Fixed a bug introduced with the removal of the login security question.
add 7fe20b4 Improved: Styles some clickable fields of backend tables as buttons.
add a769aaf Improved: Ensure MacroFormRenderer uses ModelFormField#getCurrentContainerId rather than ModelFormField#getIdName to ensure any FlexibleStringExpander expression defined in the field's id-name property is processed before rendering into the container FTL macro.
add 062fc40 Fixed: CommonTheme has a dependency on Flatgrey application.js
add d65b011 Fixed: Unable to view entity row record in webtools if PK contains timestamp field (OFBIZ-11426)
add b824d45 Fixed: Propagate the theme in DataResourceWorker.renderDataResourceAsText() Improved: no functional change
add f3bd6a1 Improved: no functional change
add 7240b26 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
add 3a5a657 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
add ef8546b Improved: POC for CSRF Token
add 019b588 Improved: POC for CSRF Token
new 6c49411 Improved: "auth" should be true for all the request url used for Application components
new 866c742 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
new 11c75b6 Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.
new 87277ab Improved: Added unit testing, using JMockit, to ensure that form macros are rendered using ids from ModelFormField#getCurrentContainerId.
new 1fbf6c3 Improved: Added license header to MacroFormRendererTest
new d1ca68c Improved: Added unit testing, using JMockit, to ensure that form macros are rendered using ids from ModelFormField#getCurrentContainerId.
new c68d43e Improved: Added unit testing, using JMockit, to ensure that form macros are rendered using ids from ModelFormField#getCurrentContainerId.
new 43f4639 Improved: Added unit testing, using JMockit, to ensure that form macros are rendered using ids from ModelFormField#getCurrentContainerId.
new 4d2e5d3 Fixed: Specified key was too long; max key length is 767 bytes for ProductPromoCodeEmail entity.(OFBIZ-5426) (#44)
new 48e81c4 Improved: style alignment properties
new 20cf076 Improved: unify style application
new 321e516 Improved: unify style application
new c89e934 Improved: unify style application
new 6c66ce0 Fixed: DataModel - correct foreign key (#51)
new 060e9ab Improved: no functional change
new f2e6989 Improved: Implement the pretty print for keyword search
new ae3ae26 Improved: type="text/css" was missing on a call to <<link rel="stylesheet/less>>
new e666c65 Improved: Improve Web Content Caching
new c9d516d Fixed: The createTaskContent request does not work
new 4594fc4 Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
new 8fc5028 Fixed: correct path to ftpAddress services (OFBIZ-11359)
new 37f33f4 Fixed: correct path to ftpAddress services (OFBIZ-11359)
new 5bc579a Merges OFBiz trunk
new 768353a Improved: Implemented: Documented: Completed: Reverted: Fixed:
new 645d419 Merge branch 'trunk' into POC-for-CSRF-Token-OFBIZ-11306
new ba548f6 Merge branch 'JacquesLeRoux-POC-for-CSRF-Token-OFBIZ-11306' into trunk Because of GitHub message on PR56: This branch cannot be rebased due to conflicts
The 26 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../humanres/template/category/CategoryTree.ftl | 16 +-
.../category/ftl/CatalogAltUrlSeoTransform.java | 8 +-
.../product/category/ftl/UrlRegexpTransform.java | 13 +-
.../product/template/category/CategoryTree.ftl | 2 +-
.../java/org/apache/ofbiz/common/CommonEvents.java | 3 +-
.../common/webcommon/WEB-INF/common-controller.xml | 4 +-
framework/security/config/security.properties | 22 +-
.../apache/ofbiz/security/CsrfDefenseStrategy.java | 93 ++++++
.../java/org/apache/ofbiz/security/CsrfUtil.java | 358 +++++++++++++++++++++
.../ofbiz/security/ICsrfDefenseStrategy.java | 55 ++++
.../ofbiz/security/NoCsrfDefenseStrategy.java} | 34 +-
.../org/apache/ofbiz/security/CsrfUtilTests.java | 264 +++++++++++++++
framework/webapp/dtd/site-conf.xsd | 14 +
.../ofbiz/webapp/control/ConfigXMLReader.java | 3 +
.../ofbiz/webapp/control/ControlEventListener.java | 3 +
.../ofbiz/webapp/control/RequestHandler.java | 33 +-
.../ofbiz/webapp/ftl/CsrfTokenAjaxTransform.java | 57 ++--
.../webapp/ftl/CsrfTokenPairNonAjaxTransform.java | 56 ++--
.../ofbiz/webapp/freemarkerTransforms.properties | 2 +
.../webtools/groovyScripts/entity/CheckDb.groovy | 7 +-
.../webtools/groovyScripts/entity/EntityRef.groovy | 6 +
framework/webtools/template/entity/CheckDb.ftl | 28 +-
.../webtools/template/entity/EntityRefList.ftl | 9 +-
framework/webtools/template/entity/ViewGeneric.ftl | 5 +-
.../webapp/webtools/WEB-INF/controller.xml | 2 +-
.../java/org/apache/ofbiz/widget/WidgetWorker.java | 14 +
.../widget/renderer/macro/MacroFormRenderer.java | 14 +-
themes/bluelight/template/Header.ftl | 6 +-
.../common-theme/template/includes/ListLocales.ftl | 2 +-
.../template/macro/CsvFormMacroLibrary.ftl | 2 +-
.../template/macro/FoFormMacroLibrary.ftl | 2 +-
.../template/macro/HtmlFormMacroLibrary.ftl | 8 +-
.../template/macro/TextFormMacroLibrary.ftl | 2 +-
.../template/macro/XlsFormMacroLibrary.ftl | 2 +-
.../template/macro/XmlFormMacroLibrary.ftl | 2 +-
.../webapp/common/js/util/OfbizUtil.js | 12 +-
themes/flatgrey/template/Header.ftl | 6 +-
themes/rainbowstone/template/includes/Header.ftl | 4 +
.../rainbowstone/template/includes/TopAppBar.ftl | 2 +-
themes/tomahawk/template/AppBarClose.ftl | 2 +-
themes/tomahawk/template/Header.ftl | 4 +
41 files changed, 1037 insertions(+), 144 deletions(-)
create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/CsrfDefenseStrategy.java
create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
create mode 100644 framework/security/src/main/java/org/apache/ofbiz/security/ICsrfDefenseStrategy.java
copy framework/{base/src/main/java/org/apache/ofbiz/base/concurrent/ConstantFuture.java => security/src/main/java/org/apache/ofbiz/security/NoCsrfDefenseStrategy.java} (62%)
create mode 100644 framework/security/src/test/java/org/apache/ofbiz/security/CsrfUtilTests.java
copy applications/product/src/main/java/org/apache/ofbiz/product/category/ftl/OfbizCatalogUrlTransform.java => framework/webapp/src/main/java/org/apache/ofbiz/webapp/ftl/CsrfTokenAjaxTransform.java (61%)
copy applications/product/src/main/java/org/apache/ofbiz/product/category/ftl/OfbizCatalogUrlTransform.java => framework/webapp/src/main/java/org/apache/ofbiz/webapp/ftl/CsrfTokenPairNonAjaxTransform.java (62%)