buildbot success in on ofbizBranch17Framework
The Buildbot has detected a restored build on builder ofbizBranch17Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch17Framework/builds/546 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch17FrameworkCommit' triggered this build Build Source Stamp: [branch release17.12] 13001ee048645865908bf789ffe0a2464a06152b Blamelist: Jacques Le Roux Build succeeded! Sincerely, -The Buildbot
buildbot success in on ofbizBranch18Framework
The Buildbot has detected a restored build on builder ofbizBranch18Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch18Framework/builds/417 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf947_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch18FrameworkCommit' triggered this build Build Source Stamp: [branch release18.12] b57c563e89f1839ed79a64c08daa8f4fdd814680 Blamelist: Jacques Le Roux Build succeeded! Sincerely, -The Buildbot
[ofbiz-framework] 02/04: Fixed: Label issue on List Companies page (OFBIZ-12023)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit b549b9aa1947981d7ac9040efb9bc9ce95354e74 Author: Jacques Le Roux AuthorDate: Sun Dec 6 19:06:26 2020 +0100 Fixed: Label issue on List Companies page (OFBIZ-12023) Navigate to URL: 'accounting/control/ListCompanies' Under the companies list, the 2nd column has button for account The System is not showing proper label in French. This issue is occurring due to the hyperlink title is not supporting character encoding for special characters. Please track progress under OFBIZ-12026. --- applications/accounting/widget/GlSetupForms.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/accounting/widget/GlSetupForms.xml b/applications/accounting/widget/GlSetupForms.xml index f4a66e3..6b3ebf6 100644 --- a/applications/accounting/widget/GlSetupForms.xml +++ b/applications/accounting/widget/GlSetupForms.xml @@ -18,7 +18,7 @@ specific language governing permissions and limitations under the License. --> -http://www.w3.org/2001/XMLSchema-instance; +http://www.w3.org/2001/XMLSchema-instance; xmlns="http://ofbiz.apache.org/Widget-Form; xsi:schemaLocation="http://ofbiz.apache.org/Widget-Form http://ofbiz.apache.org/dtds/widget-form.xsd;> - + @@ -375,7 +375,7 @@ under the License. @@ -1188,7 +1188,7 @@ under the License. - +
[ofbiz-framework] 03/04: Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit fdeedf23ee8fb9d9eec45925f044252be153c7ff Author: Jacques Le Roux AuthorDate: Mon Dec 7 15:08:55 2020 +0100 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) As explained at https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept this is only an help for the users (ie not a security feature), but an appreciable one easy to implement. Here we start with website/WebSiteCMSContent.ftl Also add some missing file extensions --- .../content/template/website/WebSiteCMSContent.ftl| 19 +++ applications/datamodel/data/seed/ContentSeedData.xml | 5 + 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/applications/content/template/website/WebSiteCMSContent.ftl b/applications/content/template/website/WebSiteCMSContent.ftl index 67b3df9..7a81a5c 100644 --- a/applications/content/template/website/WebSiteCMSContent.ftl +++ b/applications/content/template/website/WebSiteCMSContent.ftl @@ -333,7 +333,18 @@ ${uiLabelMap.CommonUpload} - +<#if dataResourceTypeId == 'IMAGE_OBJECT'> + + +<#if dataResourceTypeId == 'VIDEO_OBJECT'> + + +<#if dataResourceTypeId == 'AUDIO_OBJECT'> + + +<#if dataResourceTypeId == 'OTHER_OBJECT' || dataResourceTypeId == 'LOCAL_FILE' || dataResourceTypeId == 'OFBIZ_FILE' > + + <#elseif (dataResourceTypeId == 'URL_RESOURCE')> @@ -354,9 +365,9 @@ - + <#if (dataText?has_content)> - ${StringUtil.wrapString(dataText.textData!)} + ${StringUtil.wrapString(dataText.textData!)} @@ -370,4 +381,4 @@ - \ No newline at end of file + diff --git a/applications/datamodel/data/seed/ContentSeedData.xml b/applications/datamodel/data/seed/ContentSeedData.xml index 54472c1..aae7cb3 100644 --- a/applications/datamodel/data/seed/ContentSeedData.xml +++ b/applications/datamodel/data/seed/ContentSeedData.xml 
@@ -509,8 +509,13 @@ under the License. + + + + +
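Review bot: the four `<#if dataResourceTypeId == ...>` tests added at `@@ -333,7 +333,18 @@` in WebSiteCMSContent.ftl all test the same variable against mutually exclusive values, so they would read better as a single `<#if>` / `<#elseif>` chain, in the style of the `<#elseif (dataResourceTypeId == 'URL_RESOURCE')>` that follows them. As the commit message says the accept attribute is only a help for users and not a security feature, a short FTL comment beside these branches stating that would keep a later reader from treating the list as validation.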
[ofbiz-framework] 01/04: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit 4481f373ca45514c1e6fb86f1f1d2c6204f7a65a Author: Jacques Le Roux AuthorDate: Sun Dec 6 18:47:12 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) Handles audio and video formats supported by Tika. Adds few new audio and video formats in seed data. AFAIK there are no ways to embed a webshell in an audio or video file. So I did not sophisticate the validation, just rely on Tika. I have also fixed bugs in SecuredUpload: in isValidSvgFile and isValidImageIncludingSvgFile --- .../datamodel/data/seed/ContentSeedData.xml| 10 ++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 2 files changed, 82 insertions(+), 22 deletions(-) diff --git a/applications/datamodel/data/seed/ContentSeedData.xml b/applications/datamodel/data/seed/ContentSeedData.xml index fcaa664..54472c1 100644 --- a/applications/datamodel/data/seed/ContentSeedData.xml +++ b/applications/datamodel/data/seed/ContentSeedData.xml @@ -405,10 +405,15 @@ under the License. - + + - + + + + + @@ -465,6 +470,7 @@ under the License. + diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index 4650dfd..e233228 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
@@ -151,15 +151,23 @@ public class SecuredUpload { } break; -// case "Audio": TODO if needed -// break; -// case "Video": TODO if needed -// break; +case "Audio": +if (isValidAudioFile(fileTocheck)) { +return true; +} +break; +case "Video": +if (isValidVideoFile(fileTocheck)) { +return true; +} +break; default: // All if (isValidTextFile(fileTocheck) || isValidImageIncludingSvgFile(fileTocheck) || isValidCompressedFile(fileTocheck, delegator) +|| isValidAudioFile(fileTocheck) +|| isValidVideoFile(fileTocheck) || isValidPdfFile(fileTocheck)) { return true; } @@ -299,14 +307,7 @@ public class SecuredUpload { * @throws IOException ImageReadException */ private static boolean isValidImageIncludingSvgFile(String fileName) throws ImageReadException, IOException { -Path filePath = Paths.get(fileName); -byte[] bytesFromFile = Files.readAllBytes(filePath); -ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile); -return imageFormat.equals(ImageFormats.PNG) -|| imageFormat.equals(ImageFormats.GIF) -|| imageFormat.equals(ImageFormats.TIFF) -|| imageFormat.equals(ImageFormats.JPEG) -|| isValidSvgFile(fileName); +return isValidImageFile(fileName) || isValidSvgFile(fileName); } /** 
@@ -316,15 +317,19 @@ public class SecuredUpload { * @throws IOException */ private static boolean isValidSvgFile(String fileName) throws IOException { -Path filePath = Paths.get(fileName); -String parser = XMLResourceDescriptor.getXMLParserClassName(); -SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); -try { -f.createDocument(filePath.toUri().toString()); -} catch (IOException e) { -return false; +String mimeType = getMimeTypeFromFileName(fileName); +if ("image/svg+xml".equals(mimeType)) { +Path filePath = Paths.get(fileName); +String parser = XMLResourceDescriptor.getXMLParserClassName(); +SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); +try { +f.createDocument(filePath.toUri().toString()); +} catch (IOException e) { +return false; +} +return isValidTextFile(fileName); // Validate content to prevent webshell } -return isValidTextFile(fileName); +return false; } /** @@ -501,6 +506,55 @@ public class SecuredUpload { } /** + * Is this a valid Audio file? + * @param fileName must be an UTF-8 encoded text file + * @return true if it's a valid Audio file? + * @throws IOException + */ +private static boolean isValidAudioFile(String fileName) throws IOException { +String mimeType = getMimeTypeFromFileName(fileName); +if
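Review bot: in `isValidSvgFile` (`@@ -316,15 +317,19 @@`) the uploaded file is handed to `f.createDocument(filePath.toUri().toString())` before `isValidTextFile(fileName)` screens its content, so the XML parser is the first component to process the untrusted input. Consider running the content check first and parsing only when it passes. Only `IOException` is mapped to `return false` here, so any unchecked exception raised during the parse propagates to the caller instead of producing a rejection. The Javadoc could also state whether the parser returned by `XMLResourceDescriptor.getXMLParserClassName()` is set up to refuse external entities, since that cannot be seen from this hunk.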
[ofbiz-framework] branch trunk updated (c164494 -> 100810f)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from c164494 Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086) new 4481f37 Fixed: Secure the uploads (OFBIZ-12080) new b549b9a Fixed: Label issue on List Companies page (OFBIZ-12023) new fdeedf2 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) new 100810f Fixed: Secure the uploads (OFBIZ-12080) The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: applications/accounting/widget/GlSetupForms.xml| 8 +- .../content/template/website/WebSiteCMSContent.ftl | 19 - .../datamodel/data/seed/ContentSeedData.xml| 15 +++- framework/security/config/security.properties | 2 +- .../org/apache/ofbiz/security/SecuredUpload.java | 96 +- 5 files changed, 108 insertions(+), 32 deletions(-)
[ofbiz-framework] 04/04: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit 100810faeb603183643734f5efbec52e2398d7bd Author: Jacques Le Roux AuthorDate: Mon Dec 7 19:48:36 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) Adds audio and video as supported formats --- framework/security/config/security.properties | 2 +- .../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties index c904be3..43ede04 100644 --- a/framework/security/config/security.properties +++ b/framework/security/config/security.properties @@ -200,7 +200,7 @@ csrf.defense.strategy= templateClassResolver= -#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP +#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP #-- #-- No proprietary file formats (Excel, Word, etc.) are handled OOTB. #-- They can be handled by custom projects using https://github.com/righettod/document-upload-protection: diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index e233228..0751067 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
@@ -88,7 +88,7 @@ public class SecuredUpload { // https://en.wikipedia.org/wiki/File_format // https://en.wikipedia.org/wiki/List_of_file_signatures // See also information in security.properties: -// Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP +// Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP private static final String MODULE = SecuredUpload.class.getName();
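Review bot: the new comment text `PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP` in security.properties (`@@ -200,7 +200,7 @@`) mixes named formats with two categories and reads awkwardly with the double "and"; wording such as "PNG, GIF, TIFF, JPEG, PDF, ZIP, plus the audio and video formats supported by Tika" would say which set is meant. The same sentence is copied into the `// Line #-- UPLOAD:` comment in SecuredUpload.java (`@@ -88,7 +88,7 @@`), so the two now have to be edited in lockstep; pointing the Java comment at the UPLOAD section of security.properties without quoting it would remove that duplication.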
[ofbiz-framework] branch release17.12 updated: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/release17.12 by this push: new 13001ee Fixed: Secure the uploads (OFBIZ-12080) 13001ee is described below commit 13001ee048645865908bf789ffe0a2464a06152b Author: Jacques Le Roux AuthorDate: Mon Dec 7 19:43:57 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) module should be MODULE in SecuredUpload class Improves: add audio and video to supported file formats in security.properties # Conflicts handled by hand # framework/security/config/security.properties --- framework/security/config/security.properties| 14 +++--- .../java/org/apache/ofbiz/security/SecuredUpload.java| 16 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties index 5f4cc67..98f3a23 100644 --- a/framework/security/config/security.properties +++ b/framework/security/config/security.properties 
@@ -30,24 +30,24 @@ security.login.password.pattern=^.*(?=.{5,}).*$ security.login.password.pattern.description=loginservices.password_must_be_least_characters_long # -- For More restrictive pattern you can use the following, no localisation- #security.login.password.pattern=^.*(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$ -#security.login.password.pattern.description=Your password must be 5 characters long, Only contains alphanumeric(number optional) and at least one from following special characters: !@#$%^&*. +#security.login.password.pattern.description=Your password must be 5 characters long, Only contains alphanumeric(number optional) and at least one from following special characters: !@#$%^&*. #Only contains alphanumeric and the following special characters: !@#$%^&* #Contains at least 1 of the special characters in the list above #The required special character can appear anywhere in the string (for example: !abc, a!bc, abc!) #minimum length 5 digit. # HELP # Start of group -# ( +# ( # (?=.*\d) # must contains one digit from 0-9 # (?=.*[a-z]) # must contains one lowercase characters # (?=.*[A-Z]) # must contains one uppercase characters # (?=.*[!@#$%^&*]) # must contains one special symbols in the list "!@#$%^&*" # .# match anything with previous condition checking # {5,20} # length at least 5 characters and maximum of 20 -# {5,} # minimum length 5 chars and no linitation to max length. +# {5,} # minimum length 5 chars and no linitation to max length. # ) # End of group -# For further password patterns look at +# For further password patterns look at # http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html#sum # -- disable the account after this many logins -- 
@@ -135,11 +135,11 @@ security.login.externalLoginKey.enabled=true # -- Security key used to encrypt and decrypt the autogenerated password in forgot password functionality. login.secret_key_string=Secret Key -# -- List of domains or IP addresses to be checked to prevent Host Header Injection, +# -- List of domains or IP addresses to be checked to prevent Host Header Injection, # -- no spaces after commas,no wildcard, can be extended of course... host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org -# -- By default the SameSite value in SameSiteFilter is strict. This allows to change it to lax if needed +# -- By default the SameSite value in SameSiteFilter is strict. This allows to change it to lax if needed SameSiteCookieAttribute= # -- Freemarker TemplateClassResolver option, see OFBIZ-11709. @@ -151,7 +151,7 @@ SameSiteCookieAttribute= templateClassResolver= -#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP +#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP #-- #-- No proprietary file formats (Excel, Word, etc.) are handled OOTB. #-- They can be handled by custom projects using https://github.com/righettod/document-upload-protection: diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index 6247453..0751067 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java @@ -88,9 +88,9 @@ public class SecuredUpload { // https://en.wikipedia.org/wiki/File_format // https://en.wikipedia.org/wiki/List_of_file_signatures // See also information in security.properties: -//
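Review bot: most of the `@@ -30,24 +30,24 @@` and `@@ -135,11 +135,11 @@` hunks in security.properties remove and re-add lines whose visible text is identical (for example `-# (` / `+# (`), that is, whitespace-only edits to the password-pattern and Host Header Injection comments, while the only change the commit message describes for this file is the UPLOAD comment at `@@ -151,7 +151,7 @@`. On a release branch where conflicts were already handled by hand, leaving the whitespace edits out of this commit would keep the backport to the one intended line and make later cherry-picks less likely to conflict.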
[ofbiz-framework] branch release18.12 updated: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/release18.12 by this push: new b57c563 Fixed: Secure the uploads (OFBIZ-12080) b57c563 is described below commit b57c563e89f1839ed79a64c08daa8f4fdd814680 Author: Jacques Le Roux AuthorDate: Mon Dec 7 19:43:57 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) module should be MODULE in SecuredUpload class Improves: add audio and video to supported file formats in security.properties --- framework/security/config/security.properties| 16 .../java/org/apache/ofbiz/security/SecuredUpload.java| 16 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties index 237b700..a5159f7 100644 --- a/framework/security/config/security.properties +++ b/framework/security/config/security.properties 
@@ -30,24 +30,24 @@ security.login.password.pattern=^.*(?=.{5,}).*$ security.login.password.pattern.description=loginservices.password_must_be_least_characters_long # -- For More restrictive pattern you can use the following, no localisation- #security.login.password.pattern=^.*(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$ -#security.login.password.pattern.description=Your password must be 5 characters long, Only contains alphanumeric(number optional) and at least one from following special characters: !@#$%^&*. +#security.login.password.pattern.description=Your password must be 5 characters long, Only contains alphanumeric(number optional) and at least one from following special characters: !@#$%^&*. #Only contains alphanumeric and the following special characters: !@#$%^&* #Contains at least 1 of the special characters in the list above #The required special character can appear anywhere in the string (for example: !abc, a!bc, abc!) #minimum length 5 digit. # HELP # Start of group -# ( +# ( # (?=.*\d) # must contains one digit from 0-9 # (?=.*[a-z]) # must contains one lowercase characters # (?=.*[A-Z]) # must contains one uppercase characters # (?=.*[!@#$%^&*]) # must contains one special symbols in the list "!@#$%^&*" # .# match anything with previous condition checking # {5,20} # length at least 5 characters and maximum of 20 -# {5,} # minimum length 5 chars and no linitation to max length. +# {5,} # minimum length 5 chars and no linitation to max length. # ) # End of group -# For further password patterns look at +# For further password patterns look at # http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html#sum # -- disable the account after this many logins -- 
@@ -149,14 +149,14 @@ security.jwt.token.expireTime=1800 # -- To make this work you also have to configure a secret key with security.token.key security.internal.sso.enabled=false -# -- The secret key for the JWT token signature. Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key +# -- The secret key for the JWT token signature. Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key security.token.key=security.token.key -# -- List of domains or IP addresses to be checked to prevent Host Header Injection, +# -- List of domains or IP addresses to be checked to prevent Host Header Injection, # -- no spaces after commas,no wildcard, can be extended of course... host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org -# -- By default the SameSite value in SameSiteFilter is strict. This allows to change it to lax if needed +# -- By default the SameSite value in SameSiteFilter is strict. This allows to change it to lax if needed SameSiteCookieAttribute= # -- Freemarker TemplateClassResolver option, see OFBIZ-11709. @@ -168,7 +168,7 @@ SameSiteCookieAttribute= templateClassResolver= -#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP +#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP #-- #-- No proprietary file formats (Excel, Word, etc.) are handled OOTB. #-- They can be handled by custom projects using https://github.com/righettod/document-upload-protection: diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index 6247453..0751067 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++
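Review bot: the updated UPLOAD comment at `@@ -168,7 +168,7 @@` still names only PNG, GIF, TIFF, JPEG, PDF, Audio, Video and ZIP, while the `default: // All` branch of SecuredUpload in this same series also accepts files through `isValidTextFile` and `isValidImageIncludingSvgFile`. This comment is where an administrator reads what the upload filter lets through, so add text and SVG to the list or say explicitly that the list is not exhaustive.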
buildbot exception in on ofbizBranch17Framework
The Buildbot has detected a build exception on builder ofbizBranch17Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch17Framework/builds/545 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch17FrameworkCommit' triggered this build Build Source Stamp: [branch release17.12] e50ad56bb9b4f081b93eebe4f9a5249d3894 Blamelist: Jacques Le Roux BUILD FAILED: exception shell upload Sincerely, -The Buildbot
buildbot exception in on ofbizBranch18Framework
The Buildbot has detected a build exception on builder ofbizBranch18Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch18Framework/builds/416 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch18FrameworkCommit' triggered this build Build Source Stamp: [branch release18.12] b25776d1310a507aaa184679d884f5b2adbf3c62 Blamelist: Jacques Le Roux BUILD FAILED: exception shell upload Sincerely, -The Buildbot
[ofbiz-framework] 02/02: Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit e50ad56bb9b4f081b93eebe4f9a5249d3894 Author: Jacques Le Roux AuthorDate: Mon Dec 7 15:08:55 2020 +0100 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) As explained at https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept this is only an help for the users (ie not a security feature), but an appreciable one easy to implement. Here we start with website/WebSiteCMSContent.ftl Also add some missing file extensions --- .../content/template/website/WebSiteCMSContent.ftl| 19 +++ applications/datamodel/data/seed/ContentSeedData.xml | 5 + 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/applications/content/template/website/WebSiteCMSContent.ftl b/applications/content/template/website/WebSiteCMSContent.ftl index d2e1373..a47050d 100644 --- a/applications/content/template/website/WebSiteCMSContent.ftl +++ b/applications/content/template/website/WebSiteCMSContent.ftl @@ -333,7 +333,18 @@ ${uiLabelMap.CommonUpload} - +<#if dataResourceTypeId == 'IMAGE_OBJECT'> + + +<#if dataResourceTypeId == 'VIDEO_OBJECT'> + + +<#if dataResourceTypeId == 'AUDIO_OBJECT'> + + +<#if dataResourceTypeId == 'OTHER_OBJECT' || dataResourceTypeId == 'LOCAL_FILE' || dataResourceTypeId == 'OFBIZ_FILE' > + + <#elseif (dataResourceTypeId == 'URL_RESOURCE')> @@ -354,9 +365,9 @@ - + <#if (dataText?has_content)> - ${StringUtil.wrapString(dataText.textData!)} + ${StringUtil.wrapString(dataText.textData!)} @@ -370,4 +381,4 @@ - \ No newline at end of file + diff --git a/applications/datamodel/data/seed/ContentSeedData.xml b/applications/datamodel/data/seed/ContentSeedData.xml index a7ca706..ad3c8c4 100644 --- a/applications/datamodel/data/seed/ContentSeedData.xml +++ b/applications/datamodel/data/seed/ContentSeedData.xml 
@@ -509,8 +509,13 @@ under the License. + + + + +
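Review bot: the last test added at `@@ -333,7 +333,18 @@`, `<#if dataResourceTypeId == 'OTHER_OBJECT' || dataResourceTypeId == 'LOCAL_FILE' || dataResourceTypeId == 'OFBIZ_FILE' >`, has a stray space before the closing `>` that the three tests above it do not have, and repeats the variable three times. Writing it as `['OTHER_OBJECT', 'LOCAL_FILE', 'OFBIZ_FILE']?seq_contains(dataResourceTypeId)` would be shorter and easier to extend when another resource type needs the same input.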
[ofbiz-framework] 01/02: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit 80709b7da90ec5d43c24d4f615ec0ff51f626a83 Author: Jacques Le Roux AuthorDate: Sun Dec 6 18:47:12 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) Handles audio and video formats supported by Tika. Adds few new audio and video formats in seed data. AFAIK there are no ways to embed a webshell in an audio or video file. So I did not sophisticate the validation, just rely on Tika. I have also fixed bugs in SecuredUpload: in isValidSvgFile and isValidImageIncludingSvgFile --- .../datamodel/data/seed/ContentSeedData.xml| 10 ++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 2 files changed, 82 insertions(+), 22 deletions(-) diff --git a/applications/datamodel/data/seed/ContentSeedData.xml b/applications/datamodel/data/seed/ContentSeedData.xml index fcaa664..54472c1 100644 --- a/applications/datamodel/data/seed/ContentSeedData.xml +++ b/applications/datamodel/data/seed/ContentSeedData.xml @@ -405,10 +405,15 @@ under the License. - + + - + + + + + @@ -465,6 +470,7 @@ under the License. + diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index 3fdae3d..6247453 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
@@ -151,15 +151,23 @@ public class SecuredUpload { } break; -// case "Audio": TODO if needed -// break; -// case "Video": TODO if needed -// break; +case "Audio": +if (isValidAudioFile(fileTocheck)) { +return true; +} +break; +case "Video": +if (isValidVideoFile(fileTocheck)) { +return true; +} +break; default: // All if (isValidTextFile(fileTocheck) || isValidImageIncludingSvgFile(fileTocheck) || isValidCompressedFile(fileTocheck, delegator) +|| isValidAudioFile(fileTocheck) +|| isValidVideoFile(fileTocheck) || isValidPdfFile(fileTocheck)) { return true; } @@ -299,14 +307,7 @@ public class SecuredUpload { * @throws IOException ImageReadException */ private static boolean isValidImageIncludingSvgFile(String fileName) throws ImageReadException, IOException { -Path filePath = Paths.get(fileName); -byte[] bytesFromFile = Files.readAllBytes(filePath); -ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile); -return imageFormat.equals(ImageFormats.PNG) -|| imageFormat.equals(ImageFormats.GIF) -|| imageFormat.equals(ImageFormats.TIFF) -|| imageFormat.equals(ImageFormats.JPEG) -|| isValidSvgFile(fileName); +return isValidImageFile(fileName) || isValidSvgFile(fileName); } /** 
@@ -316,15 +317,19 @@ public class SecuredUpload { * @throws IOException */ private static boolean isValidSvgFile(String fileName) throws IOException { -Path filePath = Paths.get(fileName); -String parser = XMLResourceDescriptor.getXMLParserClassName(); -SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); -try { -f.createDocument(filePath.toUri().toString()); -} catch (IOException e) { -return false; +String mimeType = getMimeTypeFromFileName(fileName); +if ("image/svg+xml".equals(mimeType)) { +Path filePath = Paths.get(fileName); +String parser = XMLResourceDescriptor.getXMLParserClassName(); +SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); +try { +f.createDocument(filePath.toUri().toString()); +} catch (IOException e) { +return false; +} +return isValidTextFile(fileName); // Validate content to prevent webshell } -return isValidTextFile(fileName); +return false; } /** @@ -501,6 +506,55 @@ public class SecuredUpload { } /** + * Is this a valid Audio file? + * @param fileName must be an UTF-8 encoded text file + * @return true if it's a valid Audio file? + * @throws IOException + */ +private static boolean isValidAudioFile(String fileName) throws IOException { +String mimeType = getMimeTypeFromFileName(fileName); +if
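Review bot: the Javadoc added for `isValidAudioFile` at `@@ -501,6 +506,55 @@` says `@param fileName must be an UTF-8 encoded text file`, which looks carried over from the text-file validator and is wrong for an audio file, and `@return true if it's a valid Audio file?` ends with a stray question mark. Suggest describing the parameter as the path of the file to check and stating in the `@return` line what the decision is based on. Since the method begins with `getMimeTypeFromFileName(fileName)`, the Javadoc should also say whether that helper inspects the file content or only its name, because the strength of the check depends on it.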
[ofbiz-framework] 02/02: Fixed: Label issue on List Companies page (OFBIZ-12023)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit b25776d1310a507aaa184679d884f5b2adbf3c62 Author: Jacques Le Roux AuthorDate: Sun Dec 6 19:06:26 2020 +0100 Fixed: Label issue on List Companies page (OFBIZ-12023) Navigate to URL: 'accounting/control/ListCompanies' Under the companies list, the 2nd column has button for account The System is not showing proper label in French. This issue is occurring due to the hyperlink title is not supporting character encoding for special characters. Please track progress under OFBIZ-12026. --- applications/accounting/widget/GlSetupForms.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/accounting/widget/GlSetupForms.xml b/applications/accounting/widget/GlSetupForms.xml index 9e50eda..7633f4b 100644 --- a/applications/accounting/widget/GlSetupForms.xml +++ b/applications/accounting/widget/GlSetupForms.xml @@ -18,7 +18,7 @@ specific language governing permissions and limitations under the License. --> -http://www.w3.org/2001/XMLSchema-instance; +http://www.w3.org/2001/XMLSchema-instance; xmlns="http://ofbiz.apache.org/Widget-Form; xsi:schemaLocation="http://ofbiz.apache.org/Widget-Form http://ofbiz.apache.org/dtds/widget-form.xsd;> - + @@ -375,7 +375,7 @@ under the License. @@ -1188,7 +1188,7 @@ under the License. - +
[ofbiz-framework] branch release18.12 updated (1b9784d -> b25776d)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from 1b9784d Fixed: Secure the uploads (OFBIZ-12080) new 80709b7 Fixed: Secure the uploads (OFBIZ-12080) new b25776d Fixed: Label issue on List Companies page (OFBIZ-12023) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: applications/accounting/widget/GlSetupForms.xml| 8 +- .../datamodel/data/seed/ContentSeedData.xml| 10 ++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 3 files changed, 86 insertions(+), 26 deletions(-)
[ofbiz-framework] 01/02: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit 7ff8fb814e6ab5fed1fba39764f19b55ac4c4c05 Author: Jacques Le Roux AuthorDate: Sun Dec 6 18:47:12 2020 +0100 Fixed: Secure the uploads (OFBIZ-12080) Handles audio and video formats supported by Tika. Adds few new audio and video formats in seed data. AFAIK there are no ways to embed a webshell in an audio or video file. So I did not sophisticate the validation, just rely on Tika. I have also fixed bugs in SecuredUpload: in isValidSvgFile and isValidImageIncludingSvgFile --- .../datamodel/data/seed/ContentSeedData.xml| 10 ++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 2 files changed, 82 insertions(+), 22 deletions(-) diff --git a/applications/datamodel/data/seed/ContentSeedData.xml b/applications/datamodel/data/seed/ContentSeedData.xml index 12106d6..a7ca706 100644 --- a/applications/datamodel/data/seed/ContentSeedData.xml +++ b/applications/datamodel/data/seed/ContentSeedData.xml @@ -405,10 +405,15 @@ under the License. - + + - + + + + + @@ -465,6 +470,7 @@ under the License. + diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java index 3fdae3d..6247453 100644 --- a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java +++ b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
@@ -151,15 +151,23 @@ public class SecuredUpload { } break; -// case "Audio": TODO if needed -// break; -// case "Video": TODO if needed -// break; +case "Audio": +if (isValidAudioFile(fileTocheck)) { +return true; +} +break; +case "Video": +if (isValidVideoFile(fileTocheck)) { +return true; +} +break; default: // All if (isValidTextFile(fileTocheck) || isValidImageIncludingSvgFile(fileTocheck) || isValidCompressedFile(fileTocheck, delegator) +|| isValidAudioFile(fileTocheck) +|| isValidVideoFile(fileTocheck) || isValidPdfFile(fileTocheck)) { return true; } @@ -299,14 +307,7 @@ public class SecuredUpload { * @throws IOException ImageReadException */ private static boolean isValidImageIncludingSvgFile(String fileName) throws ImageReadException, IOException { -Path filePath = Paths.get(fileName); -byte[] bytesFromFile = Files.readAllBytes(filePath); -ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile); -return imageFormat.equals(ImageFormats.PNG) -|| imageFormat.equals(ImageFormats.GIF) -|| imageFormat.equals(ImageFormats.TIFF) -|| imageFormat.equals(ImageFormats.JPEG) -|| isValidSvgFile(fileName); +return isValidImageFile(fileName) || isValidSvgFile(fileName); } /** 
@@ -316,15 +317,19 @@ public class SecuredUpload { * @throws IOException */ private static boolean isValidSvgFile(String fileName) throws IOException { -Path filePath = Paths.get(fileName); -String parser = XMLResourceDescriptor.getXMLParserClassName(); -SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); -try { -f.createDocument(filePath.toUri().toString()); -} catch (IOException e) { -return false; +String mimeType = getMimeTypeFromFileName(fileName); +if ("image/svg+xml".equals(mimeType)) { +Path filePath = Paths.get(fileName); +String parser = XMLResourceDescriptor.getXMLParserClassName(); +SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser); +try { +f.createDocument(filePath.toUri().toString()); +} catch (IOException e) { +return false; +} +return isValidTextFile(fileName); // Validate content to prevent webshell } -return isValidTextFile(fileName); +return false; } /** @@ -501,6 +506,55 @@ public class SecuredUpload { } /** + * Is this a valid Audio file? + * @param fileName must be an UTF-8 encoded text file + * @return true if it's a valid Audio file? + * @throws IOException + */ +private static boolean isValidAudioFile(String fileName) throws IOException { +String mimeType = getMimeTypeFromFileName(fileName); +if
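Review bot: In the `default: // All` branch of the first SecuredUpload.java hunk (@@ -151,15 +151,23), adding `|| isValidAudioFile(fileTocheck)` and `|| isValidVideoFile(fileTocheck)` widens what an upload with no declared type can be accepted as, and the commit message says these two checks rely on Tika alone with no content inspection. Suggest a negative test that feeds a text or script file named with an audio or video extension through this branch and asserts it is rejected, so the "All" path stays at least as strict as the typed paths.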
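Review bot: In isValidSvgFile (@@ -316,15 +317,19) the upload is still handed to `f.createDocument(filePath.toUri().toString())` before `isValidTextFile(fileName)` runs, so the XML parser processes untrusted content ahead of the content check that the new comment says is there to prevent a webshell. Consider running `isValidTextFile` first and parsing only when it passes; the new MIME-type gate can stay as the outermost test.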
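Review bot: The Javadoc added above isValidAudioFile in the last hunk (@@ -501,6 +506,55) says `@param fileName must be an UTF-8 encoded text file`, which looks copied from the text-file validator and is wrong for an audio file, and `@return true if it's a valid Audio file?` carries a stray question mark. Suggest describing the parameter as the path of the uploaded file and stating in the Javadoc that validity is decided by the detected MIME type only, as the commit message explains.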
[ofbiz-framework] branch release17.12 updated (dc57528 -> e50ad56)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from dc57528 Fixed: Secure the uploads (OFBIZ-12080) new 7ff8fb8 Fixed: Secure the uploads (OFBIZ-12080) new e50ad56 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../content/template/website/WebSiteCMSContent.ftl | 19 - .../datamodel/data/seed/ContentSeedData.xml| 15 +++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 3 files changed, 102 insertions(+), 26 deletions(-)
buildbot success in on ofbizTrunkFrameworkPlugins
The Buildbot has detected a restored build on builder ofbizTrunkFrameworkPlugins while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFrameworkPlugins/builds/1905 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: downstream Build Source Stamp: [branch trunk] c1644940e94771dcaddb1b0d5f98b7042cdc1f8c Blamelist: James Yong Build succeeded! Sincerely, -The Buildbot
buildbot success in on ofbizTrunkFramework
The Buildbot has detected a restored build on builder ofbizTrunkFramework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFramework/builds/2000 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onTrunkFrameworkCommit' triggered this build Build Source Stamp: [branch trunk] c1644940e94771dcaddb1b0d5f98b7042cdc1f8c Blamelist: James Yong Build succeeded! Sincerely, -The Buildbot
[ofbiz-framework] branch trunk updated: Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086)
This is an automated email from the ASF dual-hosted git repository. jamesyong pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/trunk by this push: new c164494 Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086) c164494 is described below commit c1644940e94771dcaddb1b0d5f98b7042cdc1f8c Author: James Yong AuthorDate: Mon Dec 7 23:46:02 2020 +0800 Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086) Fixed compile error in MacroFormRendererTest.java. Thanks: Daniel and Tomek for the finding --- .../org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java b/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java index 8999bcb..d7f197e 100644 --- a/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java +++ b/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java @@ -124,7 +124,7 @@ public class MacroFormRendererTest { label.getText(withNotNull()); result = ""; -ftlWriter.executeMacro(withNotNull(), withNotNull()); +ftlWriter.executeMacro(withNotNull(), withNull(), withNotNull()); times = 0; } }; @@ -1039,7 +1039,7 @@ public class MacroFormRendererTest { new Verifications() { { List macros = new ArrayList<>(); -ftlWriter.executeMacro(withNotNull(), withCapture(macros)); +ftlWriter.executeMacro(withNotNull(), withNull(), withCapture(macros)); assertThat(macros, not(empty())); final String macro = macros.get(0);
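Review bot: In the first hunk (@@ -124,7 +124,7) the expectation `ftlWriter.executeMacro(withNotNull(), withNull(), withNotNull()); times = 0;` now only forbids calls whose second argument is null, so if the renderer passes a non-null value there, the "never called" check passes without verifying anything. The `withCapture(macros)` verification at @@ -1039,7 +1039,7 has the opposite problem and would stop matching in that case. If the new second parameter is the locale the commit subject refers to, suggest matching any value for it in both places, or asserting the expected locale explicitly, so the tests cover the behaviour the fix is about and not only the compile error.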
buildbot exception in on ofbizTrunkFrameworkPlugins
The Buildbot has detected a build exception on builder ofbizTrunkFrameworkPlugins while building ofbiz-plugins. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFrameworkPlugins/builds/1904 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onTrunkPluginsCommit' triggered this build Build Source Stamp: [branch trunk] e84c7ada87fec31d9d65f1ce062a83649bc8f294 Blamelist: Jacques Le Roux BUILD FAILED: exception build upload test-results part 1 Sincerely, -The Buildbot
[ofbiz-plugins] branch trunk updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git The following commit(s) were added to refs/heads/trunk by this push: new e84c7ad Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) e84c7ad is described below commit e84c7ada87fec31d9d65f1ce062a83649bc8f294 Author: Jacques Le Roux AuthorDate: Mon Dec 7 13:20:18 2020 +0100 Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) I guess it's due to an update of Lucene, easy fix --- ecommerce/groovyScripts/content/Search.groovy | 2 +- lucene/groovyScripts/content/Search.groovy| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ecommerce/groovyScripts/content/Search.groovy b/ecommerce/groovyScripts/content/Search.groovy index c4ae3f6..9c0b41a 100644 --- a/ecommerce/groovyScripts/content/Search.groovy +++ b/ecommerce/groovyScripts/content/Search.groovy @@ -86,7 +86,7 @@ if (featureIdByType) { if (searcher) { logInfo("in search searchFeature3, combQuery:" + combQuery.toString()) -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs logInfo("in search, hits:" + collector.getTotalHits()) diff --git a/lucene/groovyScripts/content/Search.groovy b/lucene/groovyScripts/content/Search.groovy index c98e0b6..fcd418c 100644 --- a/lucene/groovyScripts/content/Search.groovy +++ b/lucene/groovyScripts/content/Search.groovy 
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 || !featureIdByType.isEmp } } if (searcher) { -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs
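Review bot: In both hunks the new call `TopScoreDocCollector.create(100, 100)` keeps the trailing comment `//defaulting to 100 results`, which no longer says which 100 is which. In the Lucene releases that take two arguments the second one is the total-hits threshold, so the `collector.getTotalHits()` value logged in the ecommerce script may be a lower bound once more than 100 documents match. Suggest naming the two values (for example a result limit and a hit-count threshold) and updating the comment and the log message accordingly.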
[ofbiz-plugins] branch release18.12 updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git The following commit(s) were added to refs/heads/release18.12 by this push: new e3adeec Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) e3adeec is described below commit e3adeec0628b8222e92c165e6839daa236ea771d Author: Jacques Le Roux AuthorDate: Mon Dec 7 13:20:18 2020 +0100 Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) I guess it's due to an update of Lucene, easy fix # Conflicts: # ecommerce/groovyScripts/content/Search.groovy --- ecommerce/groovyScripts/content/Search.groovy | 2 +- lucene/groovyScripts/content/Search.groovy| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ecommerce/groovyScripts/content/Search.groovy b/ecommerce/groovyScripts/content/Search.groovy index 3e90d12..686edf1 100644 --- a/ecommerce/groovyScripts/content/Search.groovy +++ b/ecommerce/groovyScripts/content/Search.groovy @@ -86,7 +86,7 @@ if (featureIdByType) { if (searcher) { Debug.logInfo("in search searchFeature3, combQuery:" + combQuery.toString(), "") -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs Debug.logInfo("in search, hits:" + collector.getTotalHits(), "") diff --git a/lucene/groovyScripts/content/Search.groovy b/lucene/groovyScripts/content/Search.groovy index c98e0b6..fcd418c 100644 --- a/lucene/groovyScripts/content/Search.groovy +++ b/lucene/groovyScripts/content/Search.groovy 
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 || !featureIdByType.isEmp } } if (searcher) { -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs
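Review bot: This backport applies the two-argument `TopScoreDocCollector.create(100, 100)` to release18.12 while the commit message only guesses at the cause ("I guess it's due to an update of Lucene"). Before merging, confirm that the Lucene version this branch builds against has the two-argument signature and state it in the message. The `# Conflicts:` entry for ecommerce/groovyScripts/content/Search.groovy shows the cherry-pick did not apply cleanly, so that file deserves a second look, and the conflict marker lines should be dropped from the commit message.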
[ofbiz-plugins] branch release17.12 updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git The following commit(s) were added to refs/heads/release17.12 by this push: new 96e2dee Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) 96e2dee is described below commit 96e2deea3beab32d928d41ab9be63e3ea18f907b Author: Jacques Le Roux AuthorDate: Mon Dec 7 13:20:18 2020 +0100 Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087) I guess it's due to an update of Lucene, easy fix # Conflicts: # ecommerce/groovyScripts/content/Search.groovy --- ecommerce/groovyScripts/content/Search.groovy | 2 +- lucene/groovyScripts/content/Search.groovy| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ecommerce/groovyScripts/content/Search.groovy b/ecommerce/groovyScripts/content/Search.groovy index 3e90d12..686edf1 100644 --- a/ecommerce/groovyScripts/content/Search.groovy +++ b/ecommerce/groovyScripts/content/Search.groovy @@ -86,7 +86,7 @@ if (featureIdByType) { if (searcher) { Debug.logInfo("in search searchFeature3, combQuery:" + combQuery.toString(), "") -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs Debug.logInfo("in search, hits:" + collector.getTotalHits(), "") diff --git a/lucene/groovyScripts/content/Search.groovy b/lucene/groovyScripts/content/Search.groovy index c98e0b6..fcd418c 100644 --- a/lucene/groovyScripts/content/Search.groovy +++ b/lucene/groovyScripts/content/Search.groovy 
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 || !featureIdByType.isEmp } } if (searcher) { -TopScoreDocCollector collector = TopScoreDocCollector.create(100) //defaulting to 100 results +TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100) //defaulting to 100 results searcher.search(combQuery.build(), collector) ScoreDoc[] hits = collector.topDocs().scoreDocs
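Review bot: The identical edit lands in ecommerce/groovyScripts/content/Search.groovy and lucene/groovyScripts/content/Search.groovy, so the literal pair `100, 100` now lives in two scripts that have to be kept in sync by hand on every maintained branch. Suggest moving the collector creation, or at least the two limits, to one shared place so the next Lucene API change is a single-line fix.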