[ https://issues.apache.org/jira/browse/OFBIZ-12602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-12602: ------------------------------------ Attachment: OFBIZ-12602.patch > XML Import fails due to security check > -------------------------------------- > > Key: OFBIZ-12602 > URL: https://issues.apache.org/jira/browse/OFBIZ-12602 > Project: OFBiz > Issue Type: Bug > Components: framework/webtools > Affects Versions: 17.12.09, 18.12.05, Upcoming Branch > Reporter: Ingo Wolfmayr > Assignee: Jacques Le Roux > Priority: Minor > Attachments: OFBIZ-12602.patch > > > When importing an entity like > > {code:java} > <SystemProperty systemResourceId="catalog" > systemPropertyId="image.server.path" > systemPropertyValue="${sys:getProperty("ofbiz.home")}/themes/common-theme/webapp/images/${tenantId}" > description="Image upload path on the server." lastUpdatedStamp="2022-04-14 > 12:00:12.597" lastUpdatedTxStamp="2022-04-14 12:00:12.596" > createdStamp="2022-04-14 12:00:12.597" createdTxStamp="2022-04-14 > 12:00:12.596"/>{code} > > I get the following info message. > {code:java} > HTTP Status 403 – Forbidden > Type Status Report > Message Not saved for security reason, strings '${', '<#', '#{', '[=' or '[#' > not accepted in fields! > Description The server understood the request but refuses to authorize it. > {code} > I do have the same problem when I try to update the value via entity > mainainance. Importing an XML file works. > Would it make sense to bypass the check if the user has the appropriate > permissions? > > -- This message was sent by Atlassian Jira (v8.20.7#820007)