Unescaped quotes break lookup screens functionality
--------------------------------------------------- Key: OFBIZ-1133 URL: https://issues.apache.org/jira/browse/OFBIZ-1133 Project: OFBiz Issue Type: Bug Affects Versions: SVN trunk, Release Branch 4.0 Reporter: Oleg Andreyev Priority: Minor Fix For: SVN trunk Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511373 ] Jacopo Cappellato commented on OFBIZ-1133: ------------------------------------------ Yeah, I've noticed this too. To all: do you know if there is a quick way to escape special characters in Javascript? > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Priority: Minor > Fix For: SVN trunk > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511388 ] David E. Jones commented on OFBIZ-1133: --------------------------------------- Just a quick note: we can't really encode this sort of string in the database, it really needs to be done in code that passes it through various types of limited string representations. In other words there are many possible string encodings such as Javascript inline string, HTML text, XML text, HTTP parameter, UTF-8 \u encoding, etc, etc. Because of all of these things we might want to do with the data, there is no one way we can encode it in the database. > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Priority: Minor > Fix For: SVN trunk > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511471 ] Daniel MartÃnez commented on OFBIZ-1133: ---------------------------------------- I fixed this for a custom development. The solution was to substitute the quotes with another character (I used "|") in the lookup form (through a service) and then modifying the javascript (set_multivalues) to substitute back the "|" characters by the correct apostrophe. Of course I would not use this solution for ofbiz. > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Priority: Minor > Fix For: SVN trunk > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Christian Geisert updated OFBIZ-1133: ------------------------------------- Attachment: patch_ofbiz_LookupProductAndPrice-branch.diff patch_ofbiz_LookupProductAndPrice-trunk.diff I think the second parameter (internalName) should be removed in any case as it isn't used anywhere (and call_fieldlookup2 supports one field only...) and this will solve the problem most of the time (IDs are already checked for problematic characters at creation) I've attached a patches for trunk and branch. It seems LookupProduct has the same problem, I'll check if it's save to remove the internalName from there. > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Priority: Minor > Fix For: SVN trunk > > Attachments: patch_ofbiz_LookupProductAndPrice-branch.diff, patch_ofbiz_LookupProductAndPrice-trunk.diff > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux reassigned OFBIZ-1133: -------------------------------------- Assignee: Jacques Le Roux > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Assignee: Jacques Le Roux > Priority: Minor > Fix For: SVN trunk > > Attachments: patch_ofbiz_LookupProductAndPrice-branch.diff, patch_ofbiz_LookupProductAndPrice-trunk.diff > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12538691 ] Jacopo Cappellato commented on OFBIZ-1133: ------------------------------------------ I agree with Christian: we can remove the second parameter (internalName) from all the product's lookup screens. That was an old experiment that I did :-( to provide a mean to display the internal name after a product id was selected... pre-Ajax age > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Assignee: Jacques Le Roux > Priority: Minor > Fix For: SVN trunk > > Attachments: patch_ofbiz_LookupProductAndPrice-branch.diff, patch_ofbiz_LookupProductAndPrice-trunk.diff > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacopo Cappellato reassigned OFBIZ-1133: ---------------------------------------- Assignee: Jacopo Cappellato (was: Jacques Le Roux) > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Assignee: Jacopo Cappellato > Priority: Minor > Fix For: SVN trunk > > Attachments: patch_ofbiz_LookupProductAndPrice-branch.diff, patch_ofbiz_LookupProductAndPrice-trunk.diff > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacopo Cappellato closed OFBIZ-1133. ------------------------------------ Resolution: Fixed Fixed in 593223, 593224 (trunk) and 593225 (release branch) > Unescaped quotes break lookup screens functionality > --------------------------------------------------- > > Key: OFBIZ-1133 > URL: https://issues.apache.org/jira/browse/OFBIZ-1133 > Project: OFBiz > Issue Type: Bug > Affects Versions: SVN trunk, Release Branch 4.0 > Reporter: Oleg Andreyev > Assignee: Jacopo Cappellato > Priority: Minor > Fix For: SVN trunk > > Attachments: patch_ofbiz_LookupProductAndPrice-branch.diff, patch_ofbiz_LookupProductAndPrice-trunk.diff > > > Example, it's impossible to select product in LookupProductAndPrice (used in EditQuoteItem) if product internal name contains quotas or apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has error, unnecessary quote. I think the problem is common. > Simple solution is to remove second parameter. There is no field internalName in opener form. But it's feckless way. > Have anybody suggestion how rightly correct this problem? Modify HtmlFormRenderer? > Please explain me why we don't store escaped string in database. This is generally accepted solution. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
Free forum by Nabble | Edit this page |