[ https://issues.apache.org/jira/browse/OFBIZ-13308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18033292#comment-18033292 ]
ASF subversion and git services commented on OFBIZ-13308:
---------------------------------------------------------
Commit 3bb162ad37684bc035c9c9273f98d6cde0e11808 in ofbiz-framework's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3bb162ad37 ]
Fixed: OFBiz entity import screen is broken (OFBIZ-13308)
The fix is easy, just bypass the "Prevents stream exploitation" block like for
ControlFilterTests.
As the fix bypasses this block I have also checked that the
"webtools/control/entityImport" URI can't be used for another possible
vulnerability, either with or w/o entity-engine XML data in "fulltext" area.
In these cases the message "EntityImportNoXmlFileSpecified"
(i.e. <<No filename/URL or complete XML document specified, doing nothing.>>)
is shown below the "fulltext" area. In other words the "Import Text" button
must be used, using the URI only does nothing but show the page.
Thanks: Deepak for report
> OFBiz entity import screen is broken
> ------------------------------------
>
> Key: OFBIZ-13308
> URL: https://issues.apache.org/jira/browse/OFBIZ-13308
> Project: OFBiz
> Issue Type: Bug
> Components: webtools
> Affects Versions: 24.09.03
> Reporter: Deepak Dixit
> Assignee: Jacques Le Roux
> Priority: Major
> Attachments: Screenshot 2025-10-27 at 5.30.04 PM.png
>
>
> The entity import screen is broken; while importing data it throws the following error:
> h1. HTTP Status 500 - Internal Server Error
>
> Steps to reproduce:
> * Go to [https://demo-stable.ofbiz.apache.org/webtools/control/entityImport]
> * Import any XML data from the screen
>
>