[ https://issues.apache.org/jira/browse/OFBIZ-13147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892599#comment-17892599 ]

ASF subversion and git services commented on OFBIZ-13147:
---------------------------------------------------------

Commit 42b9ad8dbd416bf7ed73ad95e94681329cc83ac7 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=42b9ad8dbd ]

Improved: Prevent URL parameters manipulation (OFBIZ-13147)

The "JavaScriptEnabled=Y" and "&wt=javabin" references are weaknesses.
I temporarily put them in ControlFilter::doFilter to allow things (demo and
integration tests) to work for my test (only possible on a site w. domain IP),
i.e. not locally.

I think we can remove "JavaScriptEnabled=Y". I put it there because we use it
in links at https://ofbiz.apache.org/ofbiz-demos.html. Maybe other places where
it's easy to remove w/o side effects. It's anyway a user preference, not
mandatory in query string.

I needed "&wt=javabin" for the Solr tests to pass. Some time ago I already faced
such an issue. And then put in place what's needed. ControlFilter::isSolrTest is
the solution by generalising this usage.

> Prevent URL parameters manipulation
> -----------------------------------
>
> Key: OFBIZ-13147
> URL: https://issues.apache.org/jira/browse/OFBIZ-13147
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS, ALL PLUGINS
> Affects Versions: 18.12.16
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.17
>
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)