[ 
https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673281#action_12673281
 ] 

Markus Studer commented on OFBIZ-2189:
--------------------------------------

The problem is related to the recent security changes. 

XML Data Import allows entering a "Complete XML document" directly; it uses the 
service entityImport and enters the data into the field fullText. This field 
gets validated to not include the < and > characters (new default behaviour). 
It is possible to override this behaviour in the service definition at the 
attribute level (i.e. for field fullText), but I am not sure what consequences 
that has from a security point of view.

The patch you provided doesn't help as it "deactivates" the checks for < and > 

> Error occurs using XML-Import from webtools
> -------------------------------------------
>
>                 Key: OFBIZ-2189
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2189
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Ashish Nagar
>             Fix For: SVN trunk
>
>         Attachments: OFBIZ-2189.patch
>
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> While uploading Entity Engine XML documents, an error is occurring 
> [  ServiceDispatcher.java:368:ERROR] 
> ---- exception report 
> ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected 
> requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are 
> not allowed.
> ---- stack trace 
> ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] 
> greater-than (>) and less-than (<) symbols are not allowed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
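
A simplified model of the per-attribute override discussed in the comment above, added here as an illustration; it is not OFBiz code and not part of the original message. The `allow_markup` flag, the `filename` attribute and the sample XML are hypothetical; the error text mirrors the one in the report.

```python
from dataclasses import dataclass


class ServiceValidationError(Exception):
    """Stand-in for the ServiceValidationException seen in the report."""


@dataclass
class Attribute:
    name: str
    allow_markup: bool = False  # hypothetical flag; the default rejects < and >


@dataclass
class ServiceDef:
    name: str
    attributes: list

    def validate(self, context):
        """Reject < or > in every string field unless that one attribute opts out."""
        declared = {a.name: a for a in self.attributes}
        for key, value in context.items():
            if key not in declared:
                raise ServiceValidationError(f"Unknown parameter [{key}]")
            if declared[key].allow_markup or not isinstance(value, str):
                continue  # opted out, or nothing to scan
            if "<" in value or ">" in value:
                raise ServiceValidationError(
                    f"In field [{key}] greater-than (>) and less-than (<) "
                    "symbols are not allowed.")
        return True


def check(service, context):
    """Return 'accepted' or the validation message, for easy comparison."""
    try:
        service.validate(context)
        return "accepted"
    except ServiceValidationError as exc:
        return str(exc)


# Constructed sample input, not taken from the issue.
SAMPLE_XML = '<entity-engine-xml><Party partyId="DEMO"/></entity-engine-xml>'

# Default definition: every field is checked, so the XML upload fails.
default_def = ServiceDef("entityImport", [Attribute("fulltext"), Attribute("filename")])
# Override scoped to one attribute: only fulltext skips the check.
override_def = ServiceDef(
    "entityImport", [Attribute("fulltext", allow_markup=True), Attribute("filename")])
```

With the override, the contents of `fulltext` reach the service unfiltered, so the service itself has to treat that field as untrusted input; the other attributes keep the default check.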
