[ https://issues.apache.org/jira/browse/OFBIZ-9815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brohl closed OFBIZ-9815.
--------------------------------
Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Julian,
your patch is in trunk r1817684.
Instead of just setting the locale to null I've added functionality to
retrieve the locale from the context map and set a default if there is
no locale provided.

> [FB] Package org.apache.ofbiz.content.webapp.ftl
> ------------------------------------------------
>
> Key: OFBIZ-9815
> URL: https://issues.apache.org/jira/browse/OFBIZ-9815
> Project: OFBiz
> Issue Type: Sub-task
> Components: content
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments:
> OFBIZ-9815_org.apache.ofbiz.content.webapp.ftl_bugfixes.patch
>
>
> CheckPermissionTransform.java:56, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> CheckPermissionTransform.java:99, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> EditRenderSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> EditRenderSubContentCacheTransform.java:131, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1
> could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> EditRenderSubContentCacheTransform.java:163, WMI_WRONG_MAP_ITERATOR
> - WMI:
> org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()
> makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved
> from a keySet iterator. It is more efficient to use an iterator on the
> entrySet of the map, to avoid the Map.get(key) lookup.
> EditRenderSubContentCacheTransform.java:171, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in
> org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()
> The variable referenced at this point is known to be null due to an earlier
> check against null. Although this is valid, it might be a mistake (perhaps
> you intended to refer to a different variable, or perhaps the earlier check
> to see if the variable is null should have been a check to see if it was
> non-null).
> EditRenderSubContentTransform.java:163, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> InjectNodeTrailCsvTransform.java:49, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> InjectNodeTrailCsvTransform.java:50, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.removeKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> InjectNodeTrailCsvTransform.java:87, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> LimitedSubContentCacheTransform.java:59, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> LimitedSubContentCacheTransform.java:60, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> LimitedSubContentCacheTransform.java:156, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1 could
> be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> LimitedSubContentCacheTransform.java:226, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to locale in
> org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
> Map, Environment, GenericValue)
> This instruction assigns a value to a local variable, but the value is not
> read or used in any subsequent instruction. Often, this indicates an error,
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to
> eliminate these false positives.
> LimitedSubContentCacheTransform.java:229, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in
> org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
> Map, Environment, GenericValue)
> The variable referenced at this point is known to be null due to an earlier
> check against null. Although this is valid, it might be a mistake (perhaps
> you intended to refer to a different variable, or perhaps the earlier check
> to see if the variable is null should have been a check to see if it was
> non-null).
> LoopSubContentTransform.java:56, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> LoopSubContentTransform.java:57, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.removeKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> LoopSubContentTransform.java:189, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderContentAndSubContent.java:61, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.RenderContentAndSubContent$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderContentAsText.java:55, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RenderContentAsText.java:56, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RenderContentAsText.java:84, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAsText$1
> could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderContentTransform.java:66, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentTransform$1
> could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderSubContentAsText.java:51, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RenderSubContentAsText.java:52, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RenderSubContentAsText.java:83, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText$1
> could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderSubContentCacheTransform.java:55, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RenderSubContentCacheTransform.java:113, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderSubContentCacheTransform.java:198, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1.closeEditWrap(Writer,
> String)
> The variable referenced at this point is known to be null due to an earlier
> check against null. Although this is valid, it might be a mistake (perhaps
> you intended to refer to a different variable, or perhaps the earlier check
> to see if the variable is null should have been a check to see if it was
> non-null).
> RenderSubContentTransform.java:107, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> RenderSubContentTransform.java:141, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in
> org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1.renderSubContent()
> This method contains a useless control flow statement, where control flow
> continues onto the same place regardless of whether or not the branch is
> taken. For example, this is caused by having an empty statement block for an
> if statement:
>     if (argv.length == 0) {
>         // TODO: handle this case
>     }
> TraverseSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> TraverseSubContentCacheTransform.java:53, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> TraverseSubContentCacheTransform.java:135, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1 could
> be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> TraverseSubContentCacheTransform.java:235, NP_NULL_ON_SOME_PATH
> - NP: Possible null pointer dereference of contentIdStart in
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1.populateContext(Map,
> Map)
> There is a branch of statement that, if executed, guarantees that a null
> value will be dereferenced, which would generate a NullPointerException when
> the code is executed. Of course, the problem might be that the branch or
> statement is infeasible and that the null pointer exception can't ever be
> executed; deciding that is beyond the ability of FindBugs.
> TraverseSubContentTransform.java:55, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> TraverseSubContentTransform.java:56, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.removeKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> TraverseSubContentTransform.java:143, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> WrapSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.upSaveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> WrapSubContentCacheTransform.java:53, MS_PKGPROTECT
> - MS:
> org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.saveKeyNames
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> WrapSubContentCacheTransform.java:142, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class
> org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1 could be
> refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will
> require refactoring the inner class so that it is a named inner class.
> WrapSubContentCacheTransform.java:176, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in
> org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1.close()
> The variable referenced at this point is known to be null due to an earlier
> check against null. Although this is valid, it might be a mistake (perhaps
> you intended to refer to a different variable, or perhaps the earlier check
> to see if the variable is null should have been a check to see if it was
> non-null).