[jira] Created: (OFBIZ-2231) Escaped ampersands in xml import need to be reencoded
Locked
12
12
[jira] Closed: (OFBIZ-2231) Escaped ampersands in xml import need to be reencoded
 
|
[ https://issues.apache.org/jira/browse/OFBIZ-2231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David E. Jones closed OFBIZ-2231. --------------------------------- Resolution: Fixed Assignee: David E. Jones (was: Jacques Le Roux) > Escaped ampersands in xml import need to be reencoded > ------------------------------------------------------ > > Key: OFBIZ-2231 > URL: https://issues.apache.org/jira/browse/OFBIZ-2231 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: SVN trunk > Environment: Windows XP > Reporter: Stephen Rufle > Assignee: David E. Jones > Fix For: SVN trunk > > Attachments: 2009-03-06_WebToolsServices.patch > > > While trying to import > {code:xml} > <PostalAddress toName="To" stateProvinceGeoId="NJ" postalCode="08873" > countryGeoId="USA" contactMechId="001" city="SOMERSET" attnName="Steve" > address2="100 Some Ave" address1="First&Broadway"/> > {code} > got the following exception. I think that the recent security stuff encodes the xml so it is no longer valid during the reader.parse call in org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(...) > My solution is to make a call to > {code} > xmltext= StringUtil.replaceString(xmltext, "&", "\&"); > {code} > before reader.parse is called > {code} > An error occurred saving the data, rolling back transaction (true) > Exception: org.xml.sax.SAXException > Message: Error storing value > ---- stack trace --------------------------------------------------------------- > org.ofbiz.entity.GenericEntityException: Error while inserting: > [GenericEntity:PartyRelationship]... > javolution.xml.sax.XMLReaderImpl.parseAll(Unknown Source) > javolution.xml.sax.XMLReaderImpl.parse(Unknown Source) > org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:258) > org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:209) > org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(WebToolsServices.java:459) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > java.lang.reflect.Method.invoke(Unknown Source) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) > org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) > org.ofbiz.webtools.WebToolsServices.entityImport(WebToolsServices.java:203) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > java.lang.reflect.Method.invoke(Unknown Source) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) > org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) > org.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:328) > org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:530) > org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:328) > org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201) > org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:77) > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > org.ofbiz.catalina.container.CrossSubdomainSessionValve.invoke(CrossSubdomainSessionValve.java:44) > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > java.lang.Thread.run(Unknown Source) > --------------------------------------------------------------- > {code} -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
[jira] Commented: (OFBIZ-2231) Escaped ampersands in xml import need to be reencoded
|
|
In reply to this post by Nicolas Malin (Jira)
[ https://issues.apache.org/jira/browse/OFBIZ-2231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688211#action_12688211 ] David E. Jones commented on OFBIZ-2231: --------------------------------------- This should be fixed along with related issues in SVN rev 757318. Please see the commit log for a summary of what fixed this. Some general comments: in the future PLEASE focus on steps to reproduce rather than conjecture on how to fix the problem. No where in this report does it mention that this is only a problem for the import through the "xmltext" field on the EntityImport page, although looking at the stack trace made it clear that it was coming through the request so I tried it there and was able to reproduce the problem. As to why your (Stephen's) proposed fix was not acceptable: please consider that there is a reason why the XML syntax requires ampersands and other characters to be encoded like this. If we added something that encoded ALL ampersands, and not just the ones with in quotes, then ampersands in other places that should NOT be encoded would also get encoded, breaking other things. It's really that simple, just comes down to the syntax rules and we can't willy nilly encode things, or even figure out which should and shouldn't be encoded because that's the whole point of the syntax requiring encoded (ie to distinguish them), so once that's lost... we're hosed! > Escaped ampersands in xml import need to be reencoded > ------------------------------------------------------ > > Key: OFBIZ-2231 > URL: https://issues.apache.org/jira/browse/OFBIZ-2231 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: SVN trunk > Environment: Windows XP > Reporter: Stephen Rufle > Assignee: Jacques Le Roux > Fix For: SVN trunk > > Attachments: 2009-03-06_WebToolsServices.patch > > > While trying to import > {code:xml} > <PostalAddress toName="To" stateProvinceGeoId="NJ" postalCode="08873" > countryGeoId="USA" contactMechId="001" city="SOMERSET" attnName="Steve" > address2="100 Some Ave" address1="First&Broadway"/> > {code} > got the following exception. I think that the recent security stuff encodes the xml so it is no longer valid during the reader.parse call in org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(...) > My solution is to make a call to > {code} > xmltext= StringUtil.replaceString(xmltext, "&", "\&"); > {code} > before reader.parse is called > {code} > An error occurred saving the data, rolling back transaction (true) > Exception: org.xml.sax.SAXException > Message: Error storing value > ---- stack trace --------------------------------------------------------------- > org.ofbiz.entity.GenericEntityException: Error while inserting: > [GenericEntity:PartyRelationship]... > javolution.xml.sax.XMLReaderImpl.parseAll(Unknown Source) > javolution.xml.sax.XMLReaderImpl.parse(Unknown Source) > org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:258) > org.ofbiz.entity.util.EntitySaxReader.parse(EntitySaxReader.java:209) > org.ofbiz.webtools.WebToolsServices.parseEntityXmlFile(WebToolsServices.java:459) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > java.lang.reflect.Method.invoke(Unknown Source) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) > org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) > org.ofbiz.webtools.WebToolsServices.entityImport(WebToolsServices.java:203) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > java.lang.reflect.Method.invoke(Unknown Source) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:96) > org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:54) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:384) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:148) > org.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:328) > org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:530) > org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:328) > org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201) > org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:77) > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259) > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > org.ofbiz.catalina.container.CrossSubdomainSessionValve.invoke(CrossSubdomainSessionValve.java:44) > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > java.lang.Thread.run(Unknown Source) > --------------------------------------------------------------- > {code} -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |