details: /erp/devel/pi/rev/64d9ea836ba2
changeset: 6694:64d9ea836ba2
user: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
date: Fri Mar 12 17:13:27 2010 +0100
summary: Related to issue 12652. Fixes DAL security issue.
diffstat:
src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java |
18 ++++++---
src/org/openbravo/erpCommon/info/AttributeSetInstance.java |
12 +++++-
8 files changed, 93 insertions(+), 45 deletions(-)
diffs (274 lines):
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java Fri Mar
12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java Fri Mar
12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -90,12 +91,17 @@
+ FormatUtilities.replaceJS(SLInOutLineProductData.attribute(this,
strPAttr)) + "\"),\n");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
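Review bot: The lookup of `strMProductID` now runs under `setInAdministratorMode(true)`, so DAL's read-access and client/organization checks no longer apply to it, and the resulting `strAttrSet` is written straight into the callout response by `resultado.append(...)`. The origin of `strMProductID` is outside this hunk, but if it comes from the request, any session that can reach the callout can read the attribute set and value type of a product its role cannot otherwise read. Either confirm that the loaded product belongs to a client and organization the caller can read before using its values, or record the decision in place, for example `// admin mode: caller's role may lack read access to Product; only attribute-set metadata is exposed`. The same block appears in the SL_Internal_Consumption_Product, SL_Inventory_Product, SL_Movement_Product, SL_PC_Case_Product, SL_Production_Product, SL_RequisitionLine_Product and AttributeSetInstance hunks. The enclosing method starts and ends outside the hunk.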
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
---
a/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
Fri Mar 12 15:33:06 2010 +0100
+++
b/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
Fri Mar 12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -99,12 +100,17 @@
+ FormatUtilities.replaceJS(SLInOutLineProductData.attribute(this,
strPAttr)) + "\"),\n");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class, strProduct);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strProduct);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
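Review bot: Inside the new `try`, the unbraced `if (attributeset != null)` guards only the `strAttrSet` assignment, while the `strAttrSetValueType` line after it always runs, which is easy to misread when the block is next edited. The getter is also called a second time although the local already holds the value. Bracing the branch and reusing the local makes the scope explicit: `if (attributeset != null) { strAttrSet = attributeset.toString(); }`. The six other callout hunks carry the same lines.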
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java Fri Mar
12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java Fri Mar
12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -97,12 +98,17 @@
+ FormatUtilities.replaceJS(SLInOutLineProductData.attribute(this,
strAttribute)) + "\"),");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class, strProduct);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strProduct);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java Fri Mar
12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java Fri Mar
12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -100,12 +101,17 @@
+ FormatUtilities.replaceJS(SLInOutLineProductData.attribute(this,
strAttribute)) + "\"),");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java Fri Mar
12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java Fri Mar
12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.model.common.plm.AttributeSet;
import org.openbravo.model.common.plm.AttributeSetInstance;
@@ -83,12 +84,17 @@
+ FormatUtilities.replaceJS(strattrsetvaluesdescr) + "\"),\n");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
result.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
Fri Mar 12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
Fri Mar 12 17:13:27 2010 +0100
@@ -28,6 +28,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -99,12 +100,17 @@
+ FormatUtilities.replaceJS(SLInOutLineProductData.attribute(this,
strPAttr)) + "\"),\n");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class, strProduct);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strProduct);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
--- a/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
Fri Mar 12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
Fri Mar 12 17:13:27 2010 +0100
@@ -29,6 +29,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.data.FieldProvider;
import org.openbravo.erpCommon.utility.ComboTableData;
@@ -144,12 +145,17 @@
+ "\"),\n");
String strAttrSet, strAttrSetValueType;
strAttrSet = strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
- if (product != null) {
- AttributeSet attributeset = product.getAttributeSet();
- if (attributeset != null)
- strAttrSet = product.getAttributeSet().toString();
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strMProductID);
+ if (product != null) {
+ AttributeSet attributeset = product.getAttributeSet();
+ if (attributeset != null)
+ strAttrSet = product.getAttributeSet().toString();
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
resultado.append("new Array(\"inpattributeset\", \"" +
FormatUtilities.replaceJS(strAttrSet)
+ "\"),\n");
diff -r 21035403a4bd -r 64d9ea836ba2
src/org/openbravo/erpCommon/info/AttributeSetInstance.java
--- a/src/org/openbravo/erpCommon/info/AttributeSetInstance.java Fri Mar
12 15:33:06 2010 +0100
+++ b/src/org/openbravo/erpCommon/info/AttributeSetInstance.java Fri Mar
12 17:13:27 2010 +0100
@@ -29,6 +29,7 @@
import org.openbravo.base.secureApp.HttpSecureAppServlet;
import org.openbravo.base.secureApp.VariablesSecureApp;
+import org.openbravo.dal.core.OBContext;
import org.openbravo.dal.service.OBDal;
import org.openbravo.database.ConnectionProvider;
import org.openbravo.erpCommon.utility.DateTimeData;
@@ -97,9 +98,14 @@
if (log4j.isDebugEnabled())
log4j.debug("strNameValue: " + strNameValue);
String strAttrSetValueType = "";
- final Product product = OBDal.getInstance().get(Product.class,
strProduct);
- if (product != null) {
- strAttrSetValueType = product.getUseAttributeSetValueAs();
+ final boolean prevMode =
OBContext.getOBContext().setInAdministratorMode(true);
+ try {
+ final Product product = OBDal.getInstance().get(Product.class,
strProduct);
+ if (product != null) {
+ strAttrSetValueType = product.getUseAttributeSetValueAs();
+ }
+ } finally {
+ OBContext.getOBContext().setInAdministratorMode(prevMode);
}
if (!strAttributeSet.equals("")) {
if ("F".equals(strAttrSetValueType))
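Review bot: The `finally` restores the mode on whatever `OBContext.getOBContext()` returns at that moment, not on the context that was elevated. If the thread's context were replaced while the lookup runs, the elevated context would stay in administrator mode and the new one would receive a stale `prevMode`. Holding the context in a local keeps the set and the restore paired: `final OBContext ctx = OBContext.getOBContext();` before the `try`, then `ctx.setInAdministratorMode(prevMode);` in the `finally`. Nothing visible in this hunk replaces the context, so this is hardening rather than a confirmed bug; the seven callout hunks use the same pattern, and the enclosing method continues outside the hunk.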