buildbot success in on ofbizBranch17Framework
The Buildbot has detected a restored build on builder ofbizBranch17Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch17Framework/builds/546 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch17FrameworkCommit' triggered this build Build Source Stamp: [branch release17.12] 13001ee048645865908bf789ffe0a2464a06152b Blamelist: Jacques Le Roux Build succeeded! Sincerely, -The Buildbot
buildbot success in on ofbizBranch18Framework
The Buildbot has detected a restored build on builder ofbizBranch18Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch18Framework/builds/417 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf947_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch18FrameworkCommit' triggered this build Build Source Stamp: [branch release18.12] b57c563e89f1839ed79a64c08daa8f4fdd814680 Blamelist: Jacques Le Roux Build succeeded! Sincerely, -The Buildbot
[ofbiz-framework] 02/04: Fixed: Label issue on List Companies page (OFBIZ-12023)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit b549b9aa1947981d7ac9040efb9bc9ce95354e74 Author: Jacques Le Roux AuthorDate: Sun Dec 6 19:06:26 2020 +0100 Fixed: Label issue on List Companies page (OFBIZ-12023) Navigate to URL: 'accounting/control/ListCompanies' Under the companies list, the 2nd column has button for account The System is not showing proper label in French. This issue is occurring due to the hyperlink title is not supporting character encoding for special characters. Please track progress under OFBIZ-12026. --- applications/accounting/widget/GlSetupForms.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/accounting/widget/GlSetupForms.xml b/applications/accounting/widget/GlSetupForms.xml index f4a66e3..6b3ebf6 100644 --- a/applications/accounting/widget/GlSetupForms.xml +++ b/applications/accounting/widget/GlSetupForms.xml @@ -18,7 +18,7 @@ specific language governing permissions and limitations under the License. --> -http://www.w3.org/2001/XMLSchema-instance; +http://www.w3.org/2001/XMLSchema-instance; xmlns="http://ofbiz.apache.org/Widget-Form; xsi:schemaLocation="http://ofbiz.apache.org/Widget-Form http://ofbiz.apache.org/dtds/widget-form.xsd;> - + @@ -375,7 +375,7 @@ under the License. @@ -1188,7 +1188,7 @@ under the License. - +
[ofbiz-framework] 03/04: Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit fdeedf23ee8fb9d9eec45925f044252be153c7ff
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 15:08:55 2020 +0100
Improved: Adds the HTML accept Attribute in form widgets and
Freemaker templates (OFBIZ-12049)
As explained at
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept
this is only an help for the users (ie not a security feature), but an
appreciable one easy to implement.
Here we start with website/WebSiteCMSContent.ftl
Also add some missing file extensions
---
.../content/template/website/WebSiteCMSContent.ftl| 19 +++
applications/datamodel/data/seed/ContentSeedData.xml | 5 +
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/applications/content/template/website/WebSiteCMSContent.ftl
b/applications/content/template/website/WebSiteCMSContent.ftl
index 67b3df9..7a81a5c 100644
--- a/applications/content/template/website/WebSiteCMSContent.ftl
+++ b/applications/content/template/website/WebSiteCMSContent.ftl
@@ -333,7 +333,18 @@
${uiLabelMap.CommonUpload}
-
+<#if dataResourceTypeId == 'IMAGE_OBJECT'>
+
+
+<#if dataResourceTypeId == 'VIDEO_OBJECT'>
+
+
+<#if dataResourceTypeId == 'AUDIO_OBJECT'>
+
+
+<#if dataResourceTypeId == 'OTHER_OBJECT' ||
dataResourceTypeId == 'LOCAL_FILE' || dataResourceTypeId == 'OFBIZ_FILE' >
+
+
<#elseif (dataResourceTypeId == 'URL_RESOURCE')>
@@ -354,9 +365,9 @@
-
+
<#if (dataText?has_content)>
- ${StringUtil.wrapString(dataText.textData!)}
+ ${StringUtil.wrapString(dataText.textData!)}
@@ -370,4 +381,4 @@
-
\ No newline at end of file
+
diff --git a/applications/datamodel/data/seed/ContentSeedData.xml
b/applications/datamodel/data/seed/ContentSeedData.xml
index 54472c1..aae7cb3 100644
--- a/applications/datamodel/data/seed/ContentSeedData.xml
+++ b/applications/datamodel/data/seed/ContentSeedData.xml
@@ -509,8 +509,13 @@ under the License.
+
+
+
+
+
[ofbiz-framework] 01/04: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 4481f373ca45514c1e6fb86f1f1d2c6204f7a65a
Author: Jacques Le Roux
AuthorDate: Sun Dec 6 18:47:12 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Handles audio and video formats supported by Tika.
Adds few new audio and video formats in seed data.
AFAIK there are no ways to embed a webshell in an audio or video file. So I
did
not sophisticate the validation, just rely on Tika.
I have also fixed bugs in SecuredUpload: in isValidSvgFile and
isValidImageIncludingSvgFile
---
.../datamodel/data/seed/ContentSeedData.xml| 10 ++-
.../org/apache/ofbiz/security/SecuredUpload.java | 94 +-
2 files changed, 82 insertions(+), 22 deletions(-)
diff --git a/applications/datamodel/data/seed/ContentSeedData.xml
b/applications/datamodel/data/seed/ContentSeedData.xml
index fcaa664..54472c1 100644
--- a/applications/datamodel/data/seed/ContentSeedData.xml
+++ b/applications/datamodel/data/seed/ContentSeedData.xml
@@ -405,10 +405,15 @@ under the License.
-
+
+
-
+
+
+
+
+
@@ -465,6 +470,7 @@ under the License.
+
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 4650dfd..e233228 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -151,15 +151,23 @@ public class SecuredUpload {
}
break;
-// case "Audio": TODO if needed
-// break;
-// case "Video": TODO if needed
-// break;
+case "Audio":
+if (isValidAudioFile(fileTocheck)) {
+return true;
+}
+break;
+case "Video":
+if (isValidVideoFile(fileTocheck)) {
+return true;
+}
+break;
default: // All
if (isValidTextFile(fileTocheck)
|| isValidImageIncludingSvgFile(fileTocheck)
|| isValidCompressedFile(fileTocheck, delegator)
+|| isValidAudioFile(fileTocheck)
+|| isValidVideoFile(fileTocheck)
|| isValidPdfFile(fileTocheck)) {
return true;
}
@@ -299,14 +307,7 @@ public class SecuredUpload {
* @throws IOException ImageReadException
*/
private static boolean isValidImageIncludingSvgFile(String fileName)
throws ImageReadException, IOException {
-Path filePath = Paths.get(fileName);
-byte[] bytesFromFile = Files.readAllBytes(filePath);
-ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile);
-return imageFormat.equals(ImageFormats.PNG)
-|| imageFormat.equals(ImageFormats.GIF)
-|| imageFormat.equals(ImageFormats.TIFF)
-|| imageFormat.equals(ImageFormats.JPEG)
-|| isValidSvgFile(fileName);
+return isValidImageFile(fileName) || isValidSvgFile(fileName);
}
/**
@@ -316,15 +317,19 @@ public class SecuredUpload {
* @throws IOException
*/
private static boolean isValidSvgFile(String fileName) throws IOException {
-Path filePath = Paths.get(fileName);
-String parser = XMLResourceDescriptor.getXMLParserClassName();
-SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
-try {
-f.createDocument(filePath.toUri().toString());
-} catch (IOException e) {
-return false;
+String mimeType = getMimeTypeFromFileName(fileName);
+if ("image/svg+xml".equals(mimeType)) {
+Path filePath = Paths.get(fileName);
+String parser = XMLResourceDescriptor.getXMLParserClassName();
+SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
+try {
+f.createDocument(filePath.toUri().toString());
+} catch (IOException e) {
+return false;
+}
+return isValidTextFile(fileName); // Validate content to prevent
webshell
}
-return isValidTextFile(fileName);
+return false;
}
/**
@@ -501,6 +506,55 @@ public class SecuredUpload {
}
/**
+ * Is this a valid Audio file?
+ * @param fileName must be an UTF-8 encoded text file
+ * @return true if it's a valid Audio file?
+ * @throws IOException
+ */
+private static boolean isValidAudioFile(String fileName) throws
IOException {
+String mimeType = getMimeTypeFromFileName(fileName);
+if
[ofbiz-framework] branch trunk updated (c164494 -> 100810f)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from c164494 Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086) new 4481f37 Fixed: Secure the uploads (OFBIZ-12080) new b549b9a Fixed: Label issue on List Companies page (OFBIZ-12023) new fdeedf2 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) new 100810f Fixed: Secure the uploads (OFBIZ-12080) The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: applications/accounting/widget/GlSetupForms.xml| 8 +- .../content/template/website/WebSiteCMSContent.ftl | 19 - .../datamodel/data/seed/ContentSeedData.xml| 15 +++- framework/security/config/security.properties | 2 +- .../org/apache/ofbiz/security/SecuredUpload.java | 96 +- 5 files changed, 108 insertions(+), 32 deletions(-)
[ofbiz-framework] 04/04: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 100810faeb603183643734f5efbec52e2398d7bd
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 19:48:36 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Adds audio and video as supported formats
---
framework/security/config/security.properties | 2 +-
.../security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index c904be3..43ede04 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -200,7 +200,7 @@ csrf.defense.strategy=
templateClassResolver=
-#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP
+#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio
and Video and ZIP
#--
#-- No proprietary file formats (Excel, Word, etc.) are handled OOTB.
#-- They can be handled by custom projects using
https://github.com/righettod/document-upload-protection:
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index e233228..0751067 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -88,7 +88,7 @@ public class SecuredUpload {
// https://en.wikipedia.org/wiki/File_format
// https://en.wikipedia.org/wiki/List_of_file_signatures
// See also information in security.properties:
-// Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF,
JPEG, PDF and ZIP
+// Line #-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF,
JPEG, PDF, Audio and Video and ZIP
private static final String MODULE = SecuredUpload.class.getName();
[ofbiz-framework] branch release17.12 updated: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new 13001ee Fixed: Secure the uploads (OFBIZ-12080)
13001ee is described below
commit 13001ee048645865908bf789ffe0a2464a06152b
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 19:43:57 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
module should be MODULE in SecuredUpload class
Improves: add adio adn video to supported file formats in
security.properties
# Conflicts handled by hand
# framework/security/config/security.properties
---
framework/security/config/security.properties| 14 +++---
.../java/org/apache/ofbiz/security/SecuredUpload.java| 16
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index 5f4cc67..98f3a23 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -30,24 +30,24 @@ security.login.password.pattern=^.*(?=.{5,}).*$
security.login.password.pattern.description=loginservices.password_must_be_least_characters_long
# -- For More restrictive pattern you can use the following, no localisation-
#security.login.password.pattern=^.*(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$
-#security.login.password.pattern.description=Your password must be 5
characters long, Only contains alphanumeric(number optional) and at least one
from following special characters: !@#$%^&*.
+#security.login.password.pattern.description=Your password must be 5
characters long, Only contains alphanumeric(number optional) and at least one
from following special characters: !@#$%^&*.
#Only contains alphanumeric and the following special characters: !@#$%^&*
#Contains at least 1 of the special characters in the list above
#The required special character can appear anywhere in the string (for
example: !abc, a!bc, abc!)
#minimum length 5 digit.
# HELP
# Start of group
-# (
+# (
# (?=.*\d) # must contains one digit from 0-9
# (?=.*[a-z]) # must contains one lowercase characters
# (?=.*[A-Z]) # must contains one uppercase characters
# (?=.*[!@#$%^&*]) # must contains one special symbols in the list
"!@#$%^&*"
# .# match anything with previous condition checking
# {5,20} # length at least 5 characters and maximum of 20
-# {5,} # minimum length 5 chars and no linitation to max
length.
+# {5,} # minimum length 5 chars and no linitation to max
length.
# )
# End of group
-# For further password patterns look at
+# For further password patterns look at
# http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html#sum
# -- disable the account after this many logins --
@@ -135,11 +135,11 @@ security.login.externalLoginKey.enabled=true
# -- Security key used to encrypt and decrypt the autogenerated password in
forgot password functionality.
login.secret_key_string=Secret Key
-# -- List of domains or IP addresses to be checked to prevent Host Header
Injection,
+# -- List of domains or IP addresses to be checked to prevent Host Header
Injection,
# -- no spaces after commas,no wildcard, can be extended of course...
host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
-# -- By default the SameSite value in SameSiteFilter is strict. This allows to
change it to lax if needed
+# -- By default the SameSite value in SameSiteFilter is strict. This allows to
change it to lax if needed
SameSiteCookieAttribute=
# -- Freemarker TemplateClassResolver option, see OFBIZ-11709.
@@ -151,7 +151,7 @@ SameSiteCookieAttribute=
templateClassResolver=
-#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP
+#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio
and Video and ZIP
#--
#-- No proprietary file formats (Excel, Word, etc.) are handled OOTB.
#-- They can be handled by custom projects using
https://github.com/righettod/document-upload-protection:
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 6247453..0751067 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -88,9 +88,9 @@ public class SecuredUpload {
// https://en.wikipedia.org/wiki/File_format
// https://en.wikipedia.org/wiki/List_of_file_signatures
// See also information in security.properties:
-//
[ofbiz-framework] branch release18.12 updated: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new b57c563 Fixed: Secure the uploads (OFBIZ-12080)
b57c563 is described below
commit b57c563e89f1839ed79a64c08daa8f4fdd814680
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 19:43:57 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
module should be MODULE in SecuredUpload class
Improves: add adio adn video to supported file formats in
security.properties
---
framework/security/config/security.properties| 16
.../java/org/apache/ofbiz/security/SecuredUpload.java| 16
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index 237b700..a5159f7 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -30,24 +30,24 @@ security.login.password.pattern=^.*(?=.{5,}).*$
security.login.password.pattern.description=loginservices.password_must_be_least_characters_long
# -- For More restrictive pattern you can use the following, no localisation-
#security.login.password.pattern=^.*(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$
-#security.login.password.pattern.description=Your password must be 5
characters long, Only contains alphanumeric(number optional) and at least one
from following special characters: !@#$%^&*.
+#security.login.password.pattern.description=Your password must be 5
characters long, Only contains alphanumeric(number optional) and at least one
from following special characters: !@#$%^&*.
#Only contains alphanumeric and the following special characters: !@#$%^&*
#Contains at least 1 of the special characters in the list above
#The required special character can appear anywhere in the string (for
example: !abc, a!bc, abc!)
#minimum length 5 digit.
# HELP
# Start of group
-# (
+# (
# (?=.*\d) # must contains one digit from 0-9
# (?=.*[a-z]) # must contains one lowercase characters
# (?=.*[A-Z]) # must contains one uppercase characters
# (?=.*[!@#$%^&*]) # must contains one special symbols in the list
"!@#$%^&*"
# .# match anything with previous condition checking
# {5,20} # length at least 5 characters and maximum of 20
-# {5,} # minimum length 5 chars and no linitation to max
length.
+# {5,} # minimum length 5 chars and no linitation to max
length.
# )
# End of group
-# For further password patterns look at
+# For further password patterns look at
# http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html#sum
# -- disable the account after this many logins --
@@ -149,14 +149,14 @@ security.jwt.token.expireTime=1800
# -- To make this work you also have to configure a secret key with
security.token.key
security.internal.sso.enabled=false
-# -- The secret key for the JWT token signature. Read Passwords and JWT (JSON
Web Tokens) usage documentation to choose the way you want to store this key
+# -- The secret key for the JWT token signature. Read Passwords and JWT (JSON
Web Tokens) usage documentation to choose the way you want to store this key
security.token.key=security.token.key
-# -- List of domains or IP addresses to be checked to prevent Host Header
Injection,
+# -- List of domains or IP addresses to be checked to prevent Host Header
Injection,
# -- no spaces after commas,no wildcard, can be extended of course...
host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
-# -- By default the SameSite value in SameSiteFilter is strict. This allows to
change it to lax if needed
+# -- By default the SameSite value in SameSiteFilter is strict. This allows to
change it to lax if needed
SameSiteCookieAttribute=
# -- Freemarker TemplateClassResolver option, see OFBIZ-11709.
@@ -168,7 +168,7 @@ SameSiteCookieAttribute=
templateClassResolver=
-#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF and ZIP
+#-- UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio
and Video and ZIP
#--
#-- No proprietary file formats (Excel, Word, etc.) are handled OOTB.
#-- They can be handled by custom projects using
https://github.com/righettod/document-upload-protection:
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 6247453..0751067 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
buildbot exception in on ofbizBranch17Framework
The Buildbot has detected a build exception on builder ofbizBranch17Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch17Framework/builds/545 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch17FrameworkCommit' triggered this build Build Source Stamp: [branch release17.12] e50ad56bb9b4f081b93eebe4f9a5249d3894 Blamelist: Jacques Le Roux BUILD FAILED: exception shell upload Sincerely, -The Buildbot
buildbot exception in on ofbizBranch18Framework
The Buildbot has detected a build exception on builder ofbizBranch18Framework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizBranch18Framework/builds/416 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onBranch18FrameworkCommit' triggered this build Build Source Stamp: [branch release18.12] b25776d1310a507aaa184679d884f5b2adbf3c62 Blamelist: Jacques Le Roux BUILD FAILED: exception shell upload Sincerely, -The Buildbot
[ofbiz-framework] 02/02: Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit e50ad56bb9b4f081b93eebe4f9a5249d3894
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 15:08:55 2020 +0100
Improved: Adds the HTML accept Attribute in form widgets and
Freemaker templates (OFBIZ-12049)
As explained at
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/accept
this is only an help for the users (ie not a security feature), but an
appreciable one easy to implement.
Here we start with website/WebSiteCMSContent.ftl
Also add some missing file extensions
---
.../content/template/website/WebSiteCMSContent.ftl| 19 +++
applications/datamodel/data/seed/ContentSeedData.xml | 5 +
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/applications/content/template/website/WebSiteCMSContent.ftl
b/applications/content/template/website/WebSiteCMSContent.ftl
index d2e1373..a47050d 100644
--- a/applications/content/template/website/WebSiteCMSContent.ftl
+++ b/applications/content/template/website/WebSiteCMSContent.ftl
@@ -333,7 +333,18 @@
${uiLabelMap.CommonUpload}
-
+<#if dataResourceTypeId == 'IMAGE_OBJECT'>
+
+
+<#if dataResourceTypeId == 'VIDEO_OBJECT'>
+
+
+<#if dataResourceTypeId == 'AUDIO_OBJECT'>
+
+
+<#if dataResourceTypeId == 'OTHER_OBJECT' ||
dataResourceTypeId == 'LOCAL_FILE' || dataResourceTypeId == 'OFBIZ_FILE' >
+
+
<#elseif (dataResourceTypeId == 'URL_RESOURCE')>
@@ -354,9 +365,9 @@
-
+
<#if (dataText?has_content)>
- ${StringUtil.wrapString(dataText.textData!)}
+ ${StringUtil.wrapString(dataText.textData!)}
@@ -370,4 +381,4 @@
-
\ No newline at end of file
+
diff --git a/applications/datamodel/data/seed/ContentSeedData.xml
b/applications/datamodel/data/seed/ContentSeedData.xml
index a7ca706..ad3c8c4 100644
--- a/applications/datamodel/data/seed/ContentSeedData.xml
+++ b/applications/datamodel/data/seed/ContentSeedData.xml
@@ -509,8 +509,13 @@ under the License.
+
+
+
+
+
[ofbiz-framework] 01/02: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 80709b7da90ec5d43c24d4f615ec0ff51f626a83
Author: Jacques Le Roux
AuthorDate: Sun Dec 6 18:47:12 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Handles audio and video formats supported by Tika.
Adds few new audio and video formats in seed data.
AFAIK there are no ways to embed a webshell in an audio or video file. So I
did
not sophisticate the validation, just rely on Tika.
I have also fixed bugs in SecuredUpload: in isValidSvgFile and
isValidImageIncludingSvgFile
---
.../datamodel/data/seed/ContentSeedData.xml| 10 ++-
.../org/apache/ofbiz/security/SecuredUpload.java | 94 +-
2 files changed, 82 insertions(+), 22 deletions(-)
diff --git a/applications/datamodel/data/seed/ContentSeedData.xml
b/applications/datamodel/data/seed/ContentSeedData.xml
index fcaa664..54472c1 100644
--- a/applications/datamodel/data/seed/ContentSeedData.xml
+++ b/applications/datamodel/data/seed/ContentSeedData.xml
@@ -405,10 +405,15 @@ under the License.
-
+
+
-
+
+
+
+
+
@@ -465,6 +470,7 @@ under the License.
+
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 3fdae3d..6247453 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -151,15 +151,23 @@ public class SecuredUpload {
}
break;
-// case "Audio": TODO if needed
-// break;
-// case "Video": TODO if needed
-// break;
+case "Audio":
+if (isValidAudioFile(fileTocheck)) {
+return true;
+}
+break;
+case "Video":
+if (isValidVideoFile(fileTocheck)) {
+return true;
+}
+break;
default: // All
if (isValidTextFile(fileTocheck)
|| isValidImageIncludingSvgFile(fileTocheck)
|| isValidCompressedFile(fileTocheck, delegator)
+|| isValidAudioFile(fileTocheck)
+|| isValidVideoFile(fileTocheck)
|| isValidPdfFile(fileTocheck)) {
return true;
}
@@ -299,14 +307,7 @@ public class SecuredUpload {
* @throws IOException ImageReadException
*/
private static boolean isValidImageIncludingSvgFile(String fileName)
throws ImageReadException, IOException {
-Path filePath = Paths.get(fileName);
-byte[] bytesFromFile = Files.readAllBytes(filePath);
-ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile);
-return imageFormat.equals(ImageFormats.PNG)
-|| imageFormat.equals(ImageFormats.GIF)
-|| imageFormat.equals(ImageFormats.TIFF)
-|| imageFormat.equals(ImageFormats.JPEG)
-|| isValidSvgFile(fileName);
+return isValidImageFile(fileName) || isValidSvgFile(fileName);
}
/**
@@ -316,15 +317,19 @@ public class SecuredUpload {
* @throws IOException
*/
private static boolean isValidSvgFile(String fileName) throws IOException {
-Path filePath = Paths.get(fileName);
-String parser = XMLResourceDescriptor.getXMLParserClassName();
-SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
-try {
-f.createDocument(filePath.toUri().toString());
-} catch (IOException e) {
-return false;
+String mimeType = getMimeTypeFromFileName(fileName);
+if ("image/svg+xml".equals(mimeType)) {
+Path filePath = Paths.get(fileName);
+String parser = XMLResourceDescriptor.getXMLParserClassName();
+SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
+try {
+f.createDocument(filePath.toUri().toString());
+} catch (IOException e) {
+return false;
+}
+return isValidTextFile(fileName); // Validate content to prevent
webshell
}
-return isValidTextFile(fileName);
+return false;
}
/**
@@ -501,6 +506,55 @@ public class SecuredUpload {
}
/**
+ * Is this a valid Audio file?
+ * @param fileName must be an UTF-8 encoded text file
+ * @return true if it's a valid Audio file?
+ * @throws IOException
+ */
+private static boolean isValidAudioFile(String fileName) throws
IOException {
+String mimeType = getMimeTypeFromFileName(fileName);
+if
[ofbiz-framework] 02/02: Fixed: Label issue on List Companies page (OFBIZ-12023)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git commit b25776d1310a507aaa184679d884f5b2adbf3c62 Author: Jacques Le Roux AuthorDate: Sun Dec 6 19:06:26 2020 +0100 Fixed: Label issue on List Companies page (OFBIZ-12023) Navigate to URL: 'accounting/control/ListCompanies' Under the companies list, the 2nd column has button for account The System is not showing proper label in French. This issue is occurring due to the hyperlink title is not supporting character encoding for special characters. Please track progress under OFBIZ-12026. --- applications/accounting/widget/GlSetupForms.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/applications/accounting/widget/GlSetupForms.xml b/applications/accounting/widget/GlSetupForms.xml index 9e50eda..7633f4b 100644 --- a/applications/accounting/widget/GlSetupForms.xml +++ b/applications/accounting/widget/GlSetupForms.xml @@ -18,7 +18,7 @@ specific language governing permissions and limitations under the License. --> -http://www.w3.org/2001/XMLSchema-instance; +http://www.w3.org/2001/XMLSchema-instance; xmlns="http://ofbiz.apache.org/Widget-Form; xsi:schemaLocation="http://ofbiz.apache.org/Widget-Form http://ofbiz.apache.org/dtds/widget-form.xsd;> - + @@ -375,7 +375,7 @@ under the License. @@ -1188,7 +1188,7 @@ under the License. - +
[ofbiz-framework] branch release18.12 updated (1b9784d -> b25776d)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from 1b9784d Fixed: Secure the uploads (OFBIZ-12080) new 80709b7 Fixed: Secure the uploads (OFBIZ-12080) new b25776d Fixed: Label issue on List Companies page (OFBIZ-12023) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: applications/accounting/widget/GlSetupForms.xml| 8 +- .../datamodel/data/seed/ContentSeedData.xml| 10 ++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 3 files changed, 86 insertions(+), 26 deletions(-)
[ofbiz-framework] 01/02: Fixed: Secure the uploads (OFBIZ-12080)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 7ff8fb814e6ab5fed1fba39764f19b55ac4c4c05
Author: Jacques Le Roux
AuthorDate: Sun Dec 6 18:47:12 2020 +0100
Fixed: Secure the uploads (OFBIZ-12080)
Handles audio and video formats supported by Tika.
Adds few new audio and video formats in seed data.
AFAIK there are no ways to embed a webshell in an audio or video file. So I
did
not sophisticate the validation, just rely on Tika.
I have also fixed bugs in SecuredUpload: in isValidSvgFile and
isValidImageIncludingSvgFile
---
.../datamodel/data/seed/ContentSeedData.xml| 10 ++-
.../org/apache/ofbiz/security/SecuredUpload.java | 94 +-
2 files changed, 82 insertions(+), 22 deletions(-)
diff --git a/applications/datamodel/data/seed/ContentSeedData.xml
b/applications/datamodel/data/seed/ContentSeedData.xml
index 12106d6..a7ca706 100644
--- a/applications/datamodel/data/seed/ContentSeedData.xml
+++ b/applications/datamodel/data/seed/ContentSeedData.xml
@@ -405,10 +405,15 @@ under the License.
-
+
+
-
+
+
+
+
+
@@ -465,6 +470,7 @@ under the License.
+
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 3fdae3d..6247453 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -151,15 +151,23 @@ public class SecuredUpload {
}
break;
-// case "Audio": TODO if needed
-// break;
-// case "Video": TODO if needed
-// break;
+case "Audio":
+if (isValidAudioFile(fileTocheck)) {
+return true;
+}
+break;
+case "Video":
+if (isValidVideoFile(fileTocheck)) {
+return true;
+}
+break;
default: // All
if (isValidTextFile(fileTocheck)
|| isValidImageIncludingSvgFile(fileTocheck)
|| isValidCompressedFile(fileTocheck, delegator)
+|| isValidAudioFile(fileTocheck)
+|| isValidVideoFile(fileTocheck)
|| isValidPdfFile(fileTocheck)) {
return true;
}
@@ -299,14 +307,7 @@ public class SecuredUpload {
* @throws IOException ImageReadException
*/
private static boolean isValidImageIncludingSvgFile(String fileName)
throws ImageReadException, IOException {
-Path filePath = Paths.get(fileName);
-byte[] bytesFromFile = Files.readAllBytes(filePath);
-ImageFormat imageFormat = Imaging.guessFormat(bytesFromFile);
-return imageFormat.equals(ImageFormats.PNG)
-|| imageFormat.equals(ImageFormats.GIF)
-|| imageFormat.equals(ImageFormats.TIFF)
-|| imageFormat.equals(ImageFormats.JPEG)
-|| isValidSvgFile(fileName);
+return isValidImageFile(fileName) || isValidSvgFile(fileName);
}
/**
@@ -316,15 +317,19 @@ public class SecuredUpload {
* @throws IOException
*/
private static boolean isValidSvgFile(String fileName) throws IOException {
-Path filePath = Paths.get(fileName);
-String parser = XMLResourceDescriptor.getXMLParserClassName();
-SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
-try {
-f.createDocument(filePath.toUri().toString());
-} catch (IOException e) {
-return false;
+String mimeType = getMimeTypeFromFileName(fileName);
+if ("image/svg+xml".equals(mimeType)) {
+Path filePath = Paths.get(fileName);
+String parser = XMLResourceDescriptor.getXMLParserClassName();
+SAXSVGDocumentFactory f = new SAXSVGDocumentFactory(parser);
+try {
+f.createDocument(filePath.toUri().toString());
+} catch (IOException e) {
+return false;
+}
+return isValidTextFile(fileName); // Validate content to prevent
webshell
}
-return isValidTextFile(fileName);
+return false;
}
/**
@@ -501,6 +506,55 @@ public class SecuredUpload {
}
/**
+ * Is this a valid Audio file?
+ * @param fileName must be an UTF-8 encoded text file
+ * @return true if it's a valid Audio file?
+ * @throws IOException
+ */
+private static boolean isValidAudioFile(String fileName) throws
IOException {
+String mimeType = getMimeTypeFromFileName(fileName);
+if
[ofbiz-framework] branch release17.12 updated (dc57528 -> e50ad56)
This is an automated email from the ASF dual-hosted git repository. jleroux pushed a change to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git. from dc57528 Fixed: Secure the uploads (OFBIZ-12080) new 7ff8fb8 Fixed: Secure the uploads (OFBIZ-12080) new e50ad56 Improved: Adds the HTML accept Attribute in form widgets and Freemaker templates (OFBIZ-12049) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../content/template/website/WebSiteCMSContent.ftl | 19 - .../datamodel/data/seed/ContentSeedData.xml| 15 +++- .../org/apache/ofbiz/security/SecuredUpload.java | 94 +- 3 files changed, 102 insertions(+), 26 deletions(-)
buildbot success in on ofbizTrunkFrameworkPlugins
The Buildbot has detected a restored build on builder ofbizTrunkFrameworkPlugins while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFrameworkPlugins/builds/1905 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: downstream Build Source Stamp: [branch trunk] c1644940e94771dcaddb1b0d5f98b7042cdc1f8c Blamelist: James Yong Build succeeded! Sincerely, -The Buildbot
buildbot success in on ofbizTrunkFramework
The Buildbot has detected a restored build on builder ofbizTrunkFramework while building ofbiz-framework. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFramework/builds/2000 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onTrunkFrameworkCommit' triggered this build Build Source Stamp: [branch trunk] c1644940e94771dcaddb1b0d5f98b7042cdc1f8c Blamelist: James Yong Build succeeded! Sincerely, -The Buildbot
[ofbiz-framework] branch trunk updated: Fixed: Make locale available for DateFindField and DateTimeField macros (OFBIZ-12086)
This is an automated email from the ASF dual-hosted git repository.
jamesyong pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new c164494 Fixed: Make locale available for DateFindField and
DateTimeField macros (OFBIZ-12086)
c164494 is described below
commit c1644940e94771dcaddb1b0d5f98b7042cdc1f8c
Author: James Yong
AuthorDate: Mon Dec 7 23:46:02 2020 +0800
Fixed: Make locale available for DateFindField and DateTimeField macros
(OFBIZ-12086)
Fixed compile error in MacroFormRendererTest.java.
Thanks: Daniel and Tomek for the finding
---
.../org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java
b/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java
index 8999bcb..d7f197e 100644
---
a/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java
+++
b/framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java
@@ -124,7 +124,7 @@ public class MacroFormRendererTest {
label.getText(withNotNull());
result = "";
-ftlWriter.executeMacro(withNotNull(), withNotNull());
+ftlWriter.executeMacro(withNotNull(), withNull(),
withNotNull());
times = 0;
}
};
@@ -1039,7 +1039,7 @@ public class MacroFormRendererTest {
new Verifications() {
{
List macros = new ArrayList<>();
-ftlWriter.executeMacro(withNotNull(), withCapture(macros));
+ftlWriter.executeMacro(withNotNull(), withNull(),
withCapture(macros));
assertThat(macros, not(empty()));
final String macro = macros.get(0);
buildbot exception in on ofbizTrunkFrameworkPlugins
The Buildbot has detected a build exception on builder ofbizTrunkFrameworkPlugins while building ofbiz-plugins. Full details are available at: https://ci.apache.org/builders/ofbizTrunkFrameworkPlugins/builds/1904 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf945_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'onTrunkPluginsCommit' triggered this build Build Source Stamp: [branch trunk] e84c7ada87fec31d9d65f1ce062a83649bc8f294 Blamelist: Jacques Le Roux BUILD FAILED: exception build upload test-results part 1 Sincerely, -The Buildbot
[ofbiz-plugins] branch trunk updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/trunk by this push:
new e84c7ad Fixed: Lucene TopScoreDocCollector::create wrong call the 2
in Search.groovy scripts (OFBIZ-12087)
e84c7ad is described below
commit e84c7ada87fec31d9d65f1ce062a83649bc8f294
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 13:20:18 2020 +0100
Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in
Search.groovy scripts (OFBIZ-12087)
I guess it's due to an update of Lucene, easy fix
---
ecommerce/groovyScripts/content/Search.groovy | 2 +-
lucene/groovyScripts/content/Search.groovy| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ecommerce/groovyScripts/content/Search.groovy
b/ecommerce/groovyScripts/content/Search.groovy
index c4ae3f6..9c0b41a 100644
--- a/ecommerce/groovyScripts/content/Search.groovy
+++ b/ecommerce/groovyScripts/content/Search.groovy
@@ -86,7 +86,7 @@ if (featureIdByType) {
if (searcher) {
logInfo("in search searchFeature3, combQuery:" + combQuery.toString())
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
logInfo("in search, hits:" + collector.getTotalHits())
diff --git a/lucene/groovyScripts/content/Search.groovy
b/lucene/groovyScripts/content/Search.groovy
index c98e0b6..fcd418c 100644
--- a/lucene/groovyScripts/content/Search.groovy
+++ b/lucene/groovyScripts/content/Search.groovy
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 ||
!featureIdByType.isEmp
}
}
if (searcher) {
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
[ofbiz-plugins] branch release18.12 updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new e3adeec Fixed: Lucene TopScoreDocCollector::create wrong call the 2
in Search.groovy scripts (OFBIZ-12087)
e3adeec is described below
commit e3adeec0628b8222e92c165e6839daa236ea771d
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 13:20:18 2020 +0100
Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in
Search.groovy scripts (OFBIZ-12087)
I guess it's due to an update of Lucene, easy fix
# Conflicts:
# ecommerce/groovyScripts/content/Search.groovy
---
ecommerce/groovyScripts/content/Search.groovy | 2 +-
lucene/groovyScripts/content/Search.groovy| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ecommerce/groovyScripts/content/Search.groovy
b/ecommerce/groovyScripts/content/Search.groovy
index 3e90d12..686edf1 100644
--- a/ecommerce/groovyScripts/content/Search.groovy
+++ b/ecommerce/groovyScripts/content/Search.groovy
@@ -86,7 +86,7 @@ if (featureIdByType) {
if (searcher) {
Debug.logInfo("in search searchFeature3, combQuery:" +
combQuery.toString(), "")
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
Debug.logInfo("in search, hits:" + collector.getTotalHits(), "")
diff --git a/lucene/groovyScripts/content/Search.groovy
b/lucene/groovyScripts/content/Search.groovy
index c98e0b6..fcd418c 100644
--- a/lucene/groovyScripts/content/Search.groovy
+++ b/lucene/groovyScripts/content/Search.groovy
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 ||
!featureIdByType.isEmp
}
}
if (searcher) {
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
[ofbiz-plugins] branch release17.12 updated: Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in Search.groovy scripts (OFBIZ-12087)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new 96e2dee Fixed: Lucene TopScoreDocCollector::create wrong call the 2
in Search.groovy scripts (OFBIZ-12087)
96e2dee is described below
commit 96e2deea3beab32d928d41ab9be63e3ea18f907b
Author: Jacques Le Roux
AuthorDate: Mon Dec 7 13:20:18 2020 +0100
Fixed: Lucene TopScoreDocCollector::create wrong call the 2 in
Search.groovy scripts (OFBIZ-12087)
I guess it's due to an update of Lucene, easy fix
# Conflicts:
# ecommerce/groovyScripts/content/Search.groovy
---
ecommerce/groovyScripts/content/Search.groovy | 2 +-
lucene/groovyScripts/content/Search.groovy| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ecommerce/groovyScripts/content/Search.groovy
b/ecommerce/groovyScripts/content/Search.groovy
index 3e90d12..686edf1 100644
--- a/ecommerce/groovyScripts/content/Search.groovy
+++ b/ecommerce/groovyScripts/content/Search.groovy
@@ -86,7 +86,7 @@ if (featureIdByType) {
if (searcher) {
Debug.logInfo("in search searchFeature3, combQuery:" +
combQuery.toString(), "")
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
Debug.logInfo("in search, hits:" + collector.getTotalHits(), "")
diff --git a/lucene/groovyScripts/content/Search.groovy
b/lucene/groovyScripts/content/Search.groovy
index c98e0b6..fcd418c 100644
--- a/lucene/groovyScripts/content/Search.groovy
+++ b/lucene/groovyScripts/content/Search.groovy
@@ -94,7 +94,7 @@ if (searchFeature1 || searchFeature2 || searchFeature3 ||
!featureIdByType.isEmp
}
}
if (searcher) {
-TopScoreDocCollector collector = TopScoreDocCollector.create(100)
//defaulting to 100 results
+TopScoreDocCollector collector = TopScoreDocCollector.create(100, 100)
//defaulting to 100 results
searcher.search(combQuery.build(), collector)
ScoreDoc[] hits = collector.topDocs().scoreDocs
