This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release18.12 by this push:
new 191798f Improved: Prevent FreeMarker Template Injection (SSTI)
191798f is described below
commit 191798f3af3125c9229baee2813508be39644dfd
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Mon May 18 15:37:30 2020 +0200
Improved: Prevent FreeMarker Template Injection (SSTI)
(OFBIZ-11709)
Fixes a typo: module instead of MODULE
---
.../java/org/apache/ofbiz/base/util/template/FreeMarkerWorker.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/template/FreeMarkerWorker.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/template/FreeMarkerWorker.java
index 20765fc..f377e05 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/template/FreeMarkerWorker.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/template/FreeMarkerWorker.java
@@ -35,7 +35,6 @@ import java.util.TimeZone;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
-import org.apache.ofbiz.base.component.ComponentConfig;
import org.apache.ofbiz.base.location.FlexibleLocation;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.StringUtil;
@@ -129,7 +128,7 @@ public final class FreeMarkerWorker {
newConfig.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
break;
default:
- Debug.logError("Not a TemplateClassResolver.", MODULE);
+ Debug.logError("Not a TemplateClassResolver.", module);
break;
}
// Transforms properties file set up as key=transform name, property=transform class name
Locked
