[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358279#comment-17358279 ]

Xin Wang commented on OFBIZ-12249:
----------------------------------

Hi Jacques,

Sorry that I posted an invalid example, you can have a try with the following one:

blah blah blah ... (http://example.com/a%20link) ...

BTW, if we do not call `canonicalizeParameter' for parts of the text, and without full output encoding, it may open a security hole. If we do output encoding completely, any text can be accepted, so my point is that we should accept any text the user submitted for free-form text input widgets, and encode that properly before HTML rendering.

> Unexpected decoding of url encoded textarea data after submission
> -----------------------------------------------------------------
>
>                 Key: OFBIZ-12249
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12249
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk
>            Reporter: Xin Wang
>            Assignee: Jacques Le Roux
>            Priority: Major
>         Attachments: Image 005.png, OFBIZ-12249.patch
>
>
> When trying to add a note to WorkEffort entity, I found that url encoded characters are unescaped, which is not expected.
> e.g.:
> 1. Go to page: https://demo-trunk.ofbiz.apache.org/workeffort/control/EditWorkEffortNotes?workEffortId=TASK01
> 2. Add a note with content: https://example.com/a%20link
> 3. After submission, it will turn out to be: https://example.com/a link

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358168#comment-17358168 ]

Jacques Le Roux edited comment on OFBIZ-12249 at 6/6/21, 5:02 PM:
------------------------------------------------------------------

What is the problem you are crossing? It works for me. The idea is: in the textarea, strings (separated by spaces) are either valid URLs then don't use canonicalizeParameter; or not then use canonicalizeParameter, as it was before.

!Image 005.png!

was (Author: jacques.le.roux):
What is the problem you are crossing? It works for me. The idea is: in the textarea, strings (separated by spaces) are either valid URLs (beware for {{UrlValidator.getInstance().isValid(s)}} example.com is not a valid domain) then don't use canonicalizeParameter else use it, as it was before.

!Image 005.png!
[jira] [Comment Edited] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358168#comment-17358168 ]

Jacques Le Roux edited comment on OFBIZ-12249 at 6/6/21, 5:01 PM:
------------------------------------------------------------------

What is the problem you are crossing? It works for me. The idea is: in the textarea, strings (separated by spaces) are either valid URLs (beware for {{UrlValidator.getInstance().isValid(s)}} example.com is not a valid domain) then don't use canonicalizeParameter else use it, as it was before.

!Image 005.png!

was (Author: jacques.le.roux):
What is the problem you are crossing? It works for me:

!Image 005.png!
[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358168#comment-17358168 ]

Jacques Le Roux commented on OFBIZ-12249:
-----------------------------------------

What is the problem you are crossing? It works for me:

!Image 005.png!
[jira] [Updated] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12249:
-----------------------------------
    Attachment: Image 005.png
[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358120#comment-17358120 ]

Xin Wang commented on OFBIZ-12249:
----------------------------------

Hi Jacques,

Seems that following example will be rejected by this new patch:
{quote}blah blah blah ... (see [http://example.com/a%20link]) ...
{quote}
I think that for free-form text input widgets, it is really hard to guess what kind of text will be submitted. What we can do is output encoding, instead of input sanitization.
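Xin Wang's two comments on OFBIZ-12249 above argue for storing free-form text unchanged and encoding it when it is rendered. The following added example (written for this page; it is not OFBiz code and not the attached patch) contrasts the two approaches on sample notes. `decodeOnInput` is a hypothetical stand-in that only percent-decodes, `encodeForHtml` is a minimal encoder, and every note except the two URLs quoted in the thread is constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class TextareaEncodingDemo {

    /**
     * Hypothetical stand-in for decoding a free-text value on input.
     * This is NOT OFBiz's canonicalizeParameter; it only percent-decodes.
     * Returns null when the text is not a valid percent-encoded string.
     * Requires Java 10+ for URLDecoder.decode(String, Charset).
     */
    static String decodeOnInput(String submitted) {
        try {
            return URLDecoder.decode(submitted, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // A bare '%' in ordinary prose is not a valid escape sequence.
            return null;
        }
    }

    /** Minimal encoder for HTML element content and quoted attribute values. */
    static String encodeForHtml(String stored) {
        StringBuilder out = new StringBuilder(stored.length() + 16);
        for (int i = 0; i < stored.length(); i++) {
            char c = stored.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] notes = {
            // The two values quoted in the thread.
            "https://example.com/a%20link",
            "blah blah blah ... (http://example.com/a%20link) ...",
            // Constructed: '+' is read as an encoded space by the decoder.
            "budget: 1+1=2",
            // Constructed: a bare '%' makes the decoder reject the text.
            "100% done",
            // Constructed: markup characters plus a literal escape sequence.
            "a < b & c, literal escape %3Cb%3E"
        };

        for (String note : notes) {
            // Approach 1: decode when the value is received, then store it.
            String decoded = decodeOnInput(note);
            // Approach 2: store the value unchanged, encode at render time.
            String rendered = encodeForHtml(note);

            System.out.println("submitted          : " + note);
            System.out.println("decoded on input   : "
                    + (decoded == null ? "(rejected)" : decoded));
            System.out.println("raw, encoded output: " + rendered);
            System.out.println();
        }
    }
}
```

With the last note, decoding on input turns `%3Cb%3E` into markup characters the user never typed, so the stored value still needs output encoding; storing the raw text and encoding at render time keeps every note intact and emits no unescaped `<`.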
[jira] [Comment Edited] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358115#comment-17358115 ]

Jacques Le Roux edited comment on OFBIZ-12249 at 6/6/21, 1:48 PM:
------------------------------------------------------------------

{quote}Now that I re-think about it I'll see how textarea fields are defined in services, beginning with this one, to cope at root if possible.
{quote}
Ah, forgot to say that using html="safe" for is not a solution in case of textarea. I tried with internalNote in createWorkEffortNote and updateWorkEffortNote services. The patch above is the best solution. It takes care of all textareas cases.

was (Author: jacques.le.roux):
{quote}Now that I re-think about it I'll see how textarea fields are defined in services, beginning with this one, to cope at root if possible.
{quote}
Ah, forgot to say that using html="safe" for is not a solution in case of textarea. I tried with internalNote in createWorkEffortNote and updateWorkEffortNote. The patch above is the best solution. It takes care of all textareas cases.
[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358115#comment-17358115 ]

Jacques Le Roux commented on OFBIZ-12249:
-----------------------------------------

{quote}Now that I re-think about it I'll see how textarea fields are defined in services, beginning with this one, to cope at root if possible.
{quote}
Ah, forgot to say that using html="safe" for is not a solution in case of textarea. I tried with internalNote in createWorkEffortNote and updateWorkEffortNote. The patch above is the best solution. It takes care of all textareas cases.
[jira] [Updated] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12249:
-----------------------------------
    Attachment: OFBIZ-12249.patch
[jira] [Updated] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12249:
-----------------------------------
    Attachment:     (was: OFBIZ-12249.patch)
[jira] [Assigned] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux reassigned OFBIZ-12249:
--------------------------------------
    Assignee: Jacques Le Roux
[jira] [Updated] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12249:
-----------------------------------
    Attachment:     (was: OFBIZ-12249.patch)
[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358107#comment-17358107 ]

Jacques Le Roux commented on OFBIZ-12249:
-----------------------------------------

This patch should be OK: [^OFBIZ-12249.patch]
[jira] [Updated] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-12249:
-----------------------------------
    Attachment: OFBIZ-12249.patch
[jira] [Closed] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-12253.
----------------------------------
    Fix Version/s: Release Branch 17.12
                   18.12.01
       Resolution: Fixed

> Show WorkEffort names in FindWorkEffort page
> --------------------------------------------
>
>                 Key: OFBIZ-12253
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12253
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk
>            Reporter: Xin Wang
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.01, Release Branch 17.12
>
>         Attachments: 0001-Fixed-Show-WorkEffort-names-in-FindWorkEffort-page-O.patch
>
>
> In FindWorkEffort page ( https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort ), "Work Effort Name" can be specified as search option, but the result table does not show it.
> I think it would be nice if WorkEffort names can be displayed. Actually, there is some code around there already, but it does not work properly (see workEffortId field definition in ListWorkEfforts form).
[jira] [Commented] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358048#comment-17358048 ]

ASF subversion and git services commented on OFBIZ-12253:
---------------------------------------------------------

Commit bbb25daaf2816d3b23612d8a675b4d2832d175ce in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=bbb25da ]

Fixed: Show WorkEffort names in FindWorkEffort page (OFBIZ-12253)

In FindWorkEffort page, "Work Effort Name" can be specified as search option, but the result table do not show it. It would be nice if WorkEffort names can be displayed.

Actually, 'workEffortName' has already been added to the description of hyperlink in 'workEffortId' field, but 'workEffortName' is not presented in 'fieldList', so names are failed to be shown.

Thanks: Xin Wang
[jira] [Commented] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358047#comment-17358047 ]

ASF subversion and git services commented on OFBIZ-12253:
---------------------------------------------------------

Commit 858cd36e901408d90fa6e48bf6d64d4e1eba0c0a in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=858cd36 ]

Fixed: Show WorkEffort names in FindWorkEffort page (OFBIZ-12253)

In FindWorkEffort page, "Work Effort Name" can be specified as search option, but the result table do not show it. It would be nice if WorkEffort names can be displayed.

Actually, 'workEffortName' has already been added to the description of hyperlink in 'workEffortId' field, but 'workEffortName' is not presented in 'fieldList', so names are failed to be shown.

Thanks: Xin Wang
[jira] [Commented] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358049#comment-17358049 ]

ASF subversion and git services commented on OFBIZ-12253:
---------------------------------------------------------

Commit fe845e642cee227cbd897c1f68a10d54cc08d18d in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=fe845e6 ]

Fixed: Show WorkEffort names in FindWorkEffort page (OFBIZ-12253)

In FindWorkEffort page, "Work Effort Name" can be specified as search option, but the result table do not show it. It would be nice if WorkEffort names can be displayed.

Actually, 'workEffortName' has already been added to the description of hyperlink in 'workEffortId' field, but 'workEffortName' is not presented in 'fieldList', so names are failed to be shown.

Thanks: Xin Wang
[jira] [Assigned] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux reassigned OFBIZ-12253:
--------------------------------------
    Assignee: Jacques Le Roux
[jira] [Closed] (OFBIZ-12252) Session id `externalLoginKey' should not be included in URL
[ https://issues.apache.org/jira/browse/OFBIZ-12252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xin Wang closed OFBIZ-12252.
---------------------------
    Resolution: Information Provided

> Session id `externalLoginKey' should not be included in URL
> -----------------------------------------------------------
>
>                 Key: OFBIZ-12252
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12252
>             Project: OFBiz
>          Issue Type: Bug
>            Reporter: Xin Wang
>            Priority: Major
>
> When changing between different OFBiz apps, session id `externalLoginKey' will be inserted into the URL as a query string. But sensitive info like that should not be included in the URL if we are concerned about security, as it will be exposed in the following scenarios:
> 1. It will be recorded in browser history
> 2. It will be recorded in web server access log
> 3. It will be sent to other servers in Referer header
> Anyone who gets this key can log into OFBiz without authentication, until that key expires.
> See following discussion for more info:
> https://stackoverflow.com/questions/7351225/passing-session-identifier-as-a-query-string-parameter
[jira] [Commented] (OFBIZ-12252) Session id `externalLoginKey' should not be included in URL
[ https://issues.apache.org/jira/browse/OFBIZ-12252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358032#comment-17358032 ]

Xin Wang commented on OFBIZ-12252:
----------------------------------

Hi Jacques,

Thank you for your detailed explanation! As related issues have been fully discussed, I will close this one.

Thanks!
[jira] [Commented] (OFBIZ-12252) Session id `externalLoginKey' should not be included in URL
[ https://issues.apache.org/jira/browse/OFBIZ-12252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358030#comment-17358030 ]

Jacques Le Roux commented on OFBIZ-12252:
-----------------------------------------

Hi Wang,

Tomcat SSO was put in with OFBIZ-10047. [There was an objection from Michael about the cluster case|https://issues.apache.org/jira/browse/OFBIZ-10047?focusedCommentId=16295131=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16295131]. I looked at it and [this was my final answer|https://issues.apache.org/jira/secure/EditComment!default.jspa?id=13124002=16296572]

So it's possible to make it work in a cluster but needs more work...
[jira] [Commented] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358029#comment-17358029 ]

Xin Wang commented on OFBIZ-12253:
----------------------------------

I have attached a simple patch to fix this issue.
[jira] [Updated] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
[ https://issues.apache.org/jira/browse/OFBIZ-12253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xin Wang updated OFBIZ-12253:
----------------------------
    Attachment: 0001-Fixed-Show-WorkEffort-names-in-FindWorkEffort-page-O.patch
[jira] [Commented] (OFBIZ-12249) Unexpected decoding of url encoded textarea data after submission
[ https://issues.apache.org/jira/browse/OFBIZ-12249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358028#comment-17358028 ]

Jacques Le Roux commented on OFBIZ-12249:
-----------------------------------------

Hi Wang,

Right, that's what I thought initially to loop around the strings in the textarea and don't change only valid URLs in that. I then forgot :/.

Now that I re-think about it I'll see how textarea fields are defined in services, beginning with this one, to cope at root if possible.
[jira] [Created] (OFBIZ-12253) Show WorkEffort names in FindWorkEffort page
Xin Wang created OFBIZ-12253:
-----------------------------

             Summary: Show WorkEffort names in FindWorkEffort page
                 Key: OFBIZ-12253
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12253
             Project: OFBiz
          Issue Type: Bug
    Affects Versions: Trunk
            Reporter: Xin Wang


In FindWorkEffort page ( https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort ), "Work Effort Name" can be specified as search option, but the result table does not show it.

I think it would be nice if WorkEffort names can be displayed. Actually, there is some code around there already, but it does not work properly (see workEffortId field definition in ListWorkEfforts form).