[ 
https://issues.apache.org/jira/browse/OFBIZ-12602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-12602:
------------------------------------
    Attachment: OFBIZ-12602.patch

> XML Import fails due to security check
> --------------------------------------
>
>                 Key: OFBIZ-12602
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12602
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework/webtools
>    Affects Versions: 17.12.09, 18.12.05, Upcoming Branch
>            Reporter: Ingo Wolfmayr
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: OFBIZ-12602.patch
>
>
> When importing an entity like
>  
> {code:java}
> <SystemProperty systemResourceId="catalog"
> systemPropertyId="image.server.path"
> systemPropertyValue="${sys:getProperty("ofbiz.home")}/themes/common-theme/webapp/images/${tenantId}"
> description="Image upload path on the server."
> lastUpdatedStamp="2022-04-14 12:00:12.597" lastUpdatedTxStamp="2022-04-14 12:00:12.596"
> createdStamp="2022-04-14 12:00:12.597" createdTxStamp="2022-04-14 12:00:12.596"/>
> {code}
>  
> I get the following info message.
> {code:java}
> HTTP Status 403 – Forbidden
> Type Status Report
> Message Not saved for security reason, strings '${', '<#', '#{', '[=' or '[#' not accepted in fields!
> Description The server understood the request but refuses to authorize it.
> {code}
> I do have the same problem when I try to update the value via entity 
> maintenance. Importing an XML file works.
> Would it make sense to bypass the check if the user has the appropriate 
> permissions?
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
