This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 11c3cb34ba Improved: Better secure "openSourceFile" request-map
(OFBIZ-13316)
11c3cb34ba is described below
commit 11c3cb34ba2b2326eba6671b61f5054b18ce2a74
Author: Jacques Le Roux <[email protected]>
AuthorDate: Tue Nov 25 11:38:34 2025 +0100
Improved: Better secure "openSourceFile" request-map (OFBIZ-13316)
Don't forget to set widget.dev.cmd.openSourceFile property to the IDE you
use
(IDEA or Eclipse).
Thank you to "Deep Dark" <[email protected]> (pl4tyz) who reported this
possible security issue.
---
framework/widget/config/widget.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/widget/config/widget.properties
b/framework/widget/config/widget.properties
index 8db89add49..80975fc60e 100644
--- a/framework/widget/config/widget.properties
+++ b/framework/widget/config/widget.properties
@@ -27,7 +27,7 @@
# boundary comments.
widget.verbose=true
-# Enable widget named border for development.
+# Enable widget named border for development. Don't forget to set
widget.dev.cmd.openSourceFile property to the IDE you use (IDEA or Eclipse).
# If you want to use this feature you need to set auth to "false" in the
request-maps "openSourceFile" of common-controller.xml and ecommerce controller.
# Of course don't set auth to "false" in production !
# NONE - For production where no named border will be shown.
