[ 
https://issues.apache.org/jira/browse/OFBIZ-13133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux reopened OFBIZ-13133:
-------------------------------------

Reopening

Hi Guys,

You missed something: security.allowedScriptlets

[When running integration tests|https://ci2.apache.org/#/builders/49/builds/1111] we get these errors:


{code:java}
2025-01-02 14:39:27,248 |main |ScriptUtil |W| Tried to execute unauthorized 
script
**** 
import org.apache.ofbiz.base.util.UtilProperties; return 
(UtilProperties.getMessage('ProductUiLabels', 
'ProductInventoryATPNotAvailable', ['unavailableQuantity' : 
quantityNotTransferred, 'xferQty': parameters.quantity], locale))
 **** 
if it's safe script you can add the following hash to 
security.allowedScriptlets:
{SHA}ff6969ee933cf509842bd36e3541fe88761b93f9
{code}


{code:java}
2025-01-02 14:41:06,902 |main |ScriptUtil |W| Tried to execute unauthorized 
script 
**** 
java.sql.Timestamp orderDate = orderHeader.getTimestamp("orderDate")
com.ibm.icu.util.Calendar cal = com.ibm.icu.util.Calendar.getInstance()
cal.setTimeInMillis(orderDate.getTime())
cal.add(com.ibm.icu.util.Calendar.DAY_OF_YEAR, daysToShip.intValue())
return org.apache.ofbiz.base.util.UtilMisc.toMap("promisedDatetime", new 
java.sql.Timestamp(cal.getTimeInMillis()))
**** 
if it's safe script you can add the following hash to 
security.allowedScriptlets: 
{SHA}61ba0f36d69eef9831488c00eb374655e7dd426a
{code}

{code:java}
2025-01-02 14:45:03,245 |main |ScriptUtil |W| Tried to execute unauthorized 
script
 ****  
checkOutHelper = new 
org.apache.ofbiz.order.shoppingcart.CheckOutHelper(dispatcher, delegator, 
shoppingCart);
java.util.Map orderMap = checkOutHelper.createOrder(userLogin);
parameters.put("orderMap", orderMap);
 **** 
if it's safe script you can add the following hash to 
security.allowedScriptlets:
{SHA}4a3bf6fc4b30fa89e93b2209aa40c243384e89f6
{code}

BTW, better to explicitly say it's a property in security.properties ;)

> Allow to use GroovyDsl in FlexibleStringExpander
> ------------------------------------------------
>
>                 Key: OFBIZ-13133
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13133
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS
>    Affects Versions: Upcoming Branch
>            Reporter: Charles STELTZLEN
>            Assignee: Nicolas Malin
>            Priority: Minor
>             Fix For: Upcoming Branch, 24.09.01
>
>         Attachments: exemple_of_usage.png
>
>
> It will allow to call a GroovyDSL method (label, from, run service ...) 
> directly instead of calling the Java class in flexible string expander.
>  
> The standard syntax like the first line can be replaced by the second one 
> (from MrpScreens.xml line 64): 
> <set field="eventMessage" value="${groovy: 
> org.apache.ofbiz.base.util.UtilProperties.getMessage('ManufacturingUiLabels', 
> 'ManufacturingMrpRunScheduledSuccessfully', locale)}"/>
>  
> <set field="eventMessage" value="${groovy: 
> label('ManufacturingUiLabels','ManufacturingMrpRunScheduledSuccessfully')}"/>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
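
A triage helper for the warnings quoted in the message above, as an added example that is not part of the original message or of OFBiz: it groups ScriptUtil "unauthorized script" log entries by the hash the log suggests and lists the fully qualified classes each scriptlet references, so each one can be reviewed before its hash goes into security.allowedScriptlets. The function name, both regexes and the sample log (the third warning above with mail line wraps joined, plus a constructed repeat and a constructed unrelated line) are assumptions.

```python
import re

# Constructed sample: the third warning from the message (mail line wraps
# joined); the repeat and the unrelated line between are made up for the demo.
_WARNING = """%s |main |ScriptUtil |W| Tried to execute unauthorized script
 ****
checkOutHelper = new org.apache.ofbiz.order.shoppingcart.CheckOutHelper(dispatcher, delegator, shoppingCart);
java.util.Map orderMap = checkOutHelper.createOrder(userLogin);
parameters.put("orderMap", orderMap);
 ****
if it's safe script you can add the following hash to security.allowedScriptlets:
{SHA}4a3bf6fc4b30fa89e93b2209aa40c243384e89f6
"""
SAMPLE_LOG = (_WARNING % "2025-01-02 14:45:03,245"
              + "2025-01-02 14:45:03,900 |main |SomeOtherClass |I| unrelated line\n"
              + _WARNING % "2025-01-02 14:45:04,001")

# One warning = timestamped ScriptUtil line, script between two "****" markers,
# then the suggested hash. \s* tolerates the wrapping seen in mailed logs.
BLOCK = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \|[^|\n]*\|ScriptUtil\s*\|W\|\s*"
    r"Tried to execute unauthorized\s+script\s*\*{4}\s*(?P<script>.*?)\s*\*{4}\s*"
    r"if it's safe script[^{]*(?P<hash>\{SHA\}[0-9a-f]{40})",
    re.DOTALL | re.MULTILINE)
# Heuristic for fully qualified class names: lowercase packages, then a Class.
FQCN = re.compile(r"\b(?:[a-z][a-z0-9_]*\.)+[A-Z]\w*")


def unauthorized_scriptlets(log_text):
    """Group blocked scriptlets by suggested hash for review."""
    found = {}
    for m in BLOCK.finditer(log_text):
        entry = found.setdefault(m["hash"], {
            "script": m["script"],
            "classes": sorted(set(FQCN.findall(m["script"]))),
            "first_seen": m["ts"],
            "count": 0,
        })
        entry["count"] += 1
    return found


if __name__ == "__main__":
    for sha, e in unauthorized_scriptlets(SAMPLE_LOG).items():
        print(sha, "seen", e["count"], "times since", e["first_seen"])
        print("  references:", ", ".join(e["classes"]))
        print("  " + e["script"].replace("\n", "\n  "))
```

The class list is a reading aid only; the hash is taken verbatim from the log rather than recomputed, since how OFBiz derives it is not shown in this message.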
