[jira] [Updated] (OFBIZ-11006) Create customer request screen breaks when entering special characters (CVE-2019-10074)
[ https://issues.apache.org/jira/browse/OFBIZ-11006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-11006: Summary: Create customer request screen breaks when entering special characters (CVE-2019-10074) (was: Create customer request screen breaks when entering special characters) > Create customer request screen breaks when entering special characters > (CVE-2019-10074) > --- > > Key: OFBIZ-11006 > URL: https://issues.apache.org/jira/browse/OFBIZ-11006 > Project: OFBiz > Issue Type: Sub-task > Components: order >Affects Versions: Release Branch 13.07, Release Branch 14.12, Release > Branch 15.12, Release Branch 16.11, Release Branch 17.12, Release Branch 18.12 >Reporter: Scott Gray >Assignee: Scott Gray >Priority: Major > Fix For: 17.12.01, 16.11.06, 18.12.01 > > > For some reason the Create Customer Request form > (component://order/widget/ordermgr/CustRequestForms.xml) doesn't encode the > output of the "story" field. This breaks the screen when certain html or > freemarker special characters are entered into the field. > I don't see any good reason why this field in particular shouldn't be using > encoding so I'm going to enable it again. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (OFBIZ-11006) Create customer request screen breaks when entering special characters
[ https://issues.apache.org/jira/browse/OFBIZ-11006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-11006: Parent: OFBIZ-1525 Issue Type: Sub-task (was: Bug) > Create customer request screen breaks when entering special characters > -- > > Key: OFBIZ-11006 > URL: https://issues.apache.org/jira/browse/OFBIZ-11006 > Project: OFBiz > Issue Type: Sub-task > Components: order >Affects Versions: Release Branch 13.07, Release Branch 14.12, Release > Branch 15.12, Release Branch 16.11, Release Branch 17.12, Release Branch 18.12 >Reporter: Scott Gray >Assignee: Scott Gray >Priority: Major > Fix For: 17.12.01, 16.11.06, 18.12.01 > > > For some reason the Create Customer Request form > (component://order/widget/ordermgr/CustRequestForms.xml) doesn't encode the > output of the "story" field. This breaks the screen when certain html or > freemarker special characters are entered into the field. > I don't see any good reason why this field in particular shouldn't be using > encoding so I'm going to enable it again. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (OFBIZ-11006) Create customer request screen breaks when entering special characters
[ https://issues.apache.org/jira/browse/OFBIZ-11006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-11006: Affects Version/s: Release Branch 18.12 Release Branch 17.12 Release Branch 13.07 Release Branch 14.12 Release Branch 15.12 Release Branch 16.11 Fix Version/s: (was: Upcoming Branch) 18.12.01 16.11.06 17.12.01 > Create customer request screen breaks when entering special characters > -- > > Key: OFBIZ-11006 > URL: https://issues.apache.org/jira/browse/OFBIZ-11006 > Project: OFBiz > Issue Type: Bug > Components: order >Affects Versions: Release Branch 13.07, Release Branch 14.12, Release > Branch 15.12, Release Branch 16.11, Release Branch 17.12, Release Branch 18.12 >Reporter: Scott Gray >Assignee: Scott Gray >Priority: Major > Fix For: 17.12.01, 16.11.06, 18.12.01 > > > For some reason the Create Customer Request form > (component://order/widget/ordermgr/CustRequestForms.xml) doesn't encode the > output of the "story" field. This breaks the screen when certain html or > freemarker special characters are entered into the field. > I don't see any good reason why this field in particular shouldn't be using > encoding so I'm going to enable it again. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
