I am looking at this now. Seems that org.ofbiz.base.util.UtilHttp.canonicalizeParameter(String) gets called on the fulltext parameter value. That is when it goes from the on screen value of \& to an actual &. I will look further into how we might prevent this.
David E. Jones (JIRA) wrote: > [ > https://issues.apache.org/jira/browse/OFBIZ-2231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12682943#action_12682943 > ] > > David E. Jones commented on OFBIZ-2231: > --------------------------------------- > > Jacques: if you're going to have a look, please make sure to find the cause > of the problem instead of fixing the symptom, which is all this patch does. > > This patch is NOT a solution to the problem IMO, it will cause other problems > in other scenarios and doesn't fix whatever the underlying cause of this is. > Basically to make progress on this we'll have to reproduce the issue (which > doesn't seem too hard) and see what is behaving in an undesirable way. > > >> Escaped ampersands in xml import need to be reencoded >> ------------------------------------------------------ >> >> Key: OFBIZ-2231 >> URL: https://issues.apache.org/jira/browse/OFBIZ-2231 >> Project: OFBiz >> Issue Type: Bug >> Components: framework >> Affects Versions: SVN trunk >> Environment: Windows XP >> Reporter: Stephen Rufle >> Assignee: Jacques Le Roux >> Fix For: SVN trunk >> >> Attachments: 2009-03-06_WebToolsServices.patch >> >> >> While trying to import >> {code:xml} >> <PostalAddress toName="To" stateProvinceGeoId="NJ" postalCode="08873" >> countryGeoId="USA" contactMechId="001" city="SOMERSET" attnName="Steve" >> address2="100 Some Ave" address1="First&Broadway"/> >> {code} >> got the following exception. I think that the recent security stuff encodes >> the xml so it is no longer valid during the reader.parse call in >> org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(...) >> My solution is to make a call to >> {code} >> xmltext= StringUtil.replaceString(xmltext, "&", "\&"); >> {code} >> before reader.parse is called >> {code} >> An error occurred saving the data, rolling back transaction (true) >> Exception: org.xml.sax.SAXException >> Message: Error storing value >> ---- stack trace >> --------------------------------------------------------------- >> org.ofbiz.entity.GenericEntityException: Error while inserting: >> [GenericEntity:PartyRelationship]... >> javolution.xml.sax.XMLReaderImpl.parseAll(Unknown Source) >> javolution.xml.sax.XMLReaderImpl.parse(Unknown Source) >> org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:258) >> org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:209) >> org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(WebToolsServices.java:459) >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >> java.lang.reflect.Method.invoke(Unknown Source) >> org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) >> org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) >> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) >> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) >> org.ofbiz.webtools.WebToolsServices.entityImport(WebToolsServices.java:203) >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >> java.lang.reflect.Method.invoke(Unknown Source) >> org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) >> org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) >> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) >> org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) >> org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) >> org.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:328) >> org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:530) >> org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:328) >> org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201) >> org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:77) >> javax.servlet.http.HttpServlet.service(HttpServlet.java:710) >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259) >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >> org.ofbiz.catalina.container.CrossSubdomainSessionValve.invoke(CrossSubdomainSessionValve.java:44) >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> java.lang.Thread.run(Unknown Source) >> --------------------------------------------------------------- >> {code} >> > > -- Stephen P Rufle [email protected] H1:480-626-8022 H2:480-802-7173 Yahoo IM: stephen_rufle AOL IM: stephen1rufle
