This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git The following commit(s) were added to refs/heads/trunk by this push: new e7b3169 Improved: Rename some connoted words like blacklist and whitelist (OFBIZ-12168) e7b3169 is described below commit e7b3169d03b822bcbf4f522b2eeb4bcef790c563 Author: Jacques Le Roux <[hidden email]> AuthorDate: Tue Feb 9 09:55:39 2021 +0100 Improved: Rename some connoted words like blacklist and whitelist (OFBIZ-12168) Renames respectively blacklist and whitelist to denylist and allowlist in several places. There are still a lot of master word which can be replaced by main, but not in contexts where slave is also used. I'll discuss that on dev ML again... Provides the migrateOldOrderBlacklistAndOldOrderBlacklistType service to migrate records from OrderBlacklist and OrderBlacklistType entities to new OrderDenylist and OrderDenylistType entities --- applications/datamodel/data/seed/OrderSeedData.xml | 8 ++-- .../datamodel/entitydef/order-entitymodel.xml | 29 +++++++++++--- applications/order/config/OrderEntityLabels.xml | 40 +++++++++---------- applications/order/ofbiz-component.xml | 1 + applications/order/servicedef/services_order.xml | 20 +++++----- applications/order/servicedef/services_upgrade.xml | 32 +++++++++++++++ .../ofbiz/order/OrderBlacklistServices.groovy | 46 ++++++++++++++++++++++ .../ofbiz/order/shoppingcart/CheckOutEvents.java | 8 ++-- .../ofbiz/order/shoppingcart/CheckOutHelper.java | 32 +++++++-------- .../order/webapp/ordermgr/WEB-INF/controller.xml | 14 +++---- .../base/config/SafeObjectInputStream.properties | 2 +- .../ofbiz/base/util/SafeObjectInputStream.java | 12 +++--- .../apache/ofbiz/webapp/control/ControlFilter.java | 4 +- 13 files changed, 173 insertions(+), 75 deletions(-) diff --git a/applications/datamodel/data/seed/OrderSeedData.xml b/applications/datamodel/data/seed/OrderSeedData.xml index 6210505..106a613 100644 
--- a/applications/datamodel/data/seed/OrderSeedData.xml +++ b/applications/datamodel/data/seed/OrderSeedData.xml @@ -51,10 +51,10 @@ under the License. <OrderAdjustmentType description="Marketing Package Adjustment" hasTable="N" orderAdjustmentTypeId="MKTG_PKG_AUTO_ADJUST"/> <OrderAdjustmentType description="Deposit" hasTable="N" orderAdjustmentTypeId="DEPOSIT_ADJUSTMENT"/> - <OrderBlacklistType orderBlacklistTypeId="BLACKLIST_ADDRESS" description="Addresss"/> - <OrderBlacklistType orderBlacklistTypeId="BLACKLIST_CREDITCARD" description="Credit Card"/> - <OrderBlacklistType orderBlacklistTypeId="BLACKLIST_EMAIL" description="E-Mail"/> - <OrderBlacklistType orderBlacklistTypeId="BLACKLIST_PHONE" description="Phone Number"/> + <OrderDenylistType orderDenylistTypeId="DENYLIST_ADDRESS" description="Addresss"/> + <OrderDenylistType orderDenylistTypeId="DENYLIST_CREDITCARD" description="Credit Card"/> + <OrderDenylistType orderDenylistTypeId="DENYLIST_EMAIL" description="E-Mail"/> + <OrderDenylistType orderDenylistTypeId="DENYLIST_PHONE" description="Phone Number"/> <OrderItemType description="Purchase Order Specific" hasTable="N" orderItemTypeId="PURCHASE_SPECIFIC"/> <OrderItemType description="PO: Inventory" hasTable="N" orderItemTypeId="INVENTORY_ORDER_ITEM" parentTypeId="PURCHASE_SPECIFIC"/> diff --git a/applications/datamodel/entitydef/order-entitymodel.xml b/applications/datamodel/entitydef/order-entitymodel.xml index 086bded..839cd37 100644 --- a/applications/datamodel/entitydef/order-entitymodel.xml +++ b/applications/datamodel/entitydef/order-entitymodel.xml 
@@ -242,18 +242,18 @@ under the License. <key-map field-name="attrName"/> </relation> </entity> - <entity entity-name="OrderBlacklist" + <entity entity-name="OldOrderBlacklist" table-name="ORDER_BLACKLIST" package-name="org.apache.ofbiz.order.order" title="Order Blacklist"> <field name="blacklistString" type="long-varchar"></field> <field name="orderBlacklistTypeId" type="id"></field> <prim-key field="blacklistString"/> <prim-key field="orderBlacklistTypeId"/> - <relation type="one" fk-name="ORDER_BKL_TYPE" rel-entity-name="OrderBlacklistType"> + <relation type="one" fk-name="ORDER_BKL_TYPE" rel-entity-name="OldOrderBlacklistType"> <key-map field-name="orderBlacklistTypeId"/> </relation> </entity> - <entity entity-name="OrderBlacklistType" + <entity entity-name="OldOrderBlacklistType" table-name="ORDER_BLACKLIST_TYPE" package-name="org.apache.ofbiz.order.order" default-resource-name="OrderEntityLabels" title="Order Blacklist Type"> 
@@ -261,6 +261,25 @@ under the License. <field name="description" type="description"></field> <prim-key field="orderBlacklistTypeId"/> </entity> + <entity entity-name="OrderDenylist" + package-name="org.apache.ofbiz.order.order" + title="Order Denylist"> + <field name="denylistString" type="long-varchar"></field> + <field name="orderDenylistTypeId" type="id"></field> + <prim-key field="denylistString"/> + <prim-key field="orderDenylistTypeId"/> + <relation type="one" fk-name="ORDER_BKL_TYPE" rel-entity-name="OrderDenylistType"> + <key-map field-name="orderDenylistTypeId"/> + </relation> + </entity> + <entity entity-name="OrderDenylistType" + package-name="org.apache.ofbiz.order.order" + default-resource-name="OrderEntityLabels" + title="Order Denylist Type"> + <field name="orderDenylistTypeId" type="id"></field> + <field name="description" type="description"></field> + <prim-key field="orderDenylistTypeId"/> + </entity> <entity entity-name="CommunicationEventOrder" package-name="org.apache.ofbiz.order.order" title="Communication Event Order"> @@ -604,7 +623,7 @@ under the License. </relation> <relation type="one" fk-name="ORDER_ITEM_USRLGN" title="ChangeBy" rel-entity-name="UserLogin"> <key-map field-name="changeByUserLoginId" rel-field-name="userLoginId"/> - </relation> + </relation> <index name="ORDITMEXT_ID_IDX"> <index-field name="externalId"/> </index> @@ -3076,4 +3095,4 @@ under the License. <key-map field-name="productId"/> </view-link> </view-entity> -</entitymodel> \ No newline at end of file +</entitymodel> diff --git a/applications/order/config/OrderEntityLabels.xml b/applications/order/config/OrderEntityLabels.xml index 491ff24..971ba93 100644 --- a/applications/order/config/OrderEntityLabels.xml +++ b/applications/order/config/OrderEntityLabels.xml 
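Review bot: The new `OrderDenylist` relation reuses `fk-name="ORDER_BKL_TYPE"`, which the renamed `OldOrderBlacklist` entity in the previous hunk still declares for the `ORDER_BLACKLIST` table. Many databases require constraint names to be unique within a schema, so creating the second foreign key may fail or be skipped while both entities exist. A distinct name such as `fk-name="ORDER_DNL_TYPE"` (constructed example) would avoid the clash.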
@@ -445,60 +445,60 @@ <value xml:lang="zh">保修</value> <value xml:lang="zh-TW">保修</value> </property> - <property key="OrderBlacklistType.description.BLACKLIST_ADDRESS"> + <property key="OrderDenylistType.description.DENYLIST_ADDRESS"> <value xml:lang="ar">عنوان قائمة سوداء</value> - <value xml:lang="de">Blacklist Adressen</value> - <value xml:lang="en">Blacklist Address</value> + <value xml:lang="de">Denylist Adressen</value> + <value xml:lang="en">Denylist Address</value> <value xml:lang="es">Dirección bloqueada</value> <value xml:lang="fr">Mettre l'adresse en liste noire</value> - <value xml:lang="it">Indirizzo blacklist</value> + <value xml:lang="it">Indirizzo denylist</value> <value xml:lang="ja">ブラックリスト住所</value> - <value xml:lang="nl">Blacklist - Adres</value> + <value xml:lang="nl">Denylist - Adres</value> <value xml:lang="pt-BR">Lista negra de endereços</value> <value xml:lang="th">ที่อยู่</value> <value xml:lang="vi">Địa chỉ Danh sách đen</value> <value xml:lang="zh">地址黑名单</value> <value xml:lang="zh-TW">位址黑名單</value> </property> - <property key="OrderBlacklistType.description.BLACKLIST_CREDITCARD"> + <property key="OrderDenylistType.description.DENYLIST_CREDITCARD"> <value xml:lang="ar">بطاقة إئتمانية قائمة سوداء</value> - <value xml:lang="de">Blacklist Kreditkarte</value> - <value xml:lang="en">Blacklist Credit Card</value> + <value xml:lang="de">Denylist Kreditkarte</value> + <value xml:lang="en">Denylist Credit Card</value> <value xml:lang="es">Tarjeta de crédito bloqueada</value> <value xml:lang="fr">Mettre la carte de crédit en liste noire</value> - <value xml:lang="it">Blacklist carta di credito</value> + <value xml:lang="it">Denylist carta di credito</value> <value xml:lang="ja">ブラックリストクレジットカード</value> - <value xml:lang="nl">Blacklist - Kredietkaart</value> + <value xml:lang="nl">Denylist - Kredietkaart</value> <value xml:lang="pt-BR">Lista negra de cartões de crédito</value> <value xml:lang="th">บัตรเครดิต</value> <value xml:lang="vi">Danh sách 
đen thẻ tín dụng</value> <value xml:lang="zh">信用卡黑名单</value> <value xml:lang="zh-TW">信用卡黑名單</value> </property> - <property key="OrderBlacklistType.description.BLACKLIST_EMAIL"> + <property key="OrderDenylistType.description.DENYLIST_EMAIL"> <value xml:lang="ar">بريد إلكتروني قائمة سوداء</value> - <value xml:lang="de">Blacklist E-Mail</value> - <value xml:lang="en">Blacklist Email</value> + <value xml:lang="de">Denylist E-Mail</value> + <value xml:lang="en">Denylist Email</value> <value xml:lang="es">Email bloqueado</value> <value xml:lang="fr">Mettre l'addresse de courriel en liste noire</value> - <value xml:lang="it">Email blacklist</value> + <value xml:lang="it">Email denylist</value> <value xml:lang="ja">ブラックリストEメール</value> - <value xml:lang="nl">Blacklist - Email</value> + <value xml:lang="nl">Denylist - Email</value> <value xml:lang="pt-BR">Lista negra de e-mails</value> <value xml:lang="th">อีเมล</value> <value xml:lang="vi">Danh sách đen thư điện tử</value> <value xml:lang="zh">电子邮件黑名单</value> <value xml:lang="zh-TW">電子郵件黑名單</value> </property> - <property key="OrderBlacklistType.description.BLACKLIST_PHONE"> + <property key="OrderDenylistType.description.DENYLIST_PHONE"> <value xml:lang="ar">هاتف قائمة سوداء</value> - <value xml:lang="de">Blacklist Telefon</value> - <value xml:lang="en">Blacklist Phone</value> + <value xml:lang="de">Denylist Telefon</value> + <value xml:lang="en">Denylist Phone</value> <value xml:lang="es">Teléfono bloqueado</value> <value xml:lang="fr">Mettre le n° de téléphone en liste noire</value> - <value xml:lang="it">Telefono blacklist</value> + <value xml:lang="it">Telefono denylist</value> <value xml:lang="ja">ブラックリスト電話番号</value> - <value xml:lang="nl">Blacklist - Telefoon</value> + <value xml:lang="nl">Denylist - Telefoon</value> <value xml:lang="pt-BR">Lista negra de telefones</value> <value xml:lang="th">หมายเลขโทรศัพท์</value> <value xml:lang="vi">Danh sách đen số điện thoại</value> 
diff --git a/applications/order/ofbiz-component.xml b/applications/order/ofbiz-component.xml index 34db95f..7fc3a3a 100644 --- a/applications/order/ofbiz-component.xml +++ b/applications/order/ofbiz-component.xml @@ -45,6 +45,7 @@ under the License. <service-resource type="model" loader="main" location="servicedef/services_return.xml"/> <service-resource type="model" loader="main" location="servicedef/services_checkout.xml"/> <service-resource type="model" loader="main" location="servicedef/services_perm.xml"/> + <service-resource type="model" loader="main" location="servicedef/services_upgrade.xml"/> <service-resource type="eca" loader="main" location="servicedef/secas.xml"/> <test-suite loader="main" location="testdef/FinAccountTests.xml"/> diff --git a/applications/order/servicedef/services_order.xml b/applications/order/servicedef/services_order.xml index ac29188..888359b 100644 --- a/applications/order/servicedef/services_order.xml +++ b/applications/order/servicedef/services_order.xml 
@@ -69,27 +69,27 @@ under the License. <description>Delete an OrderAttribute record</description> <auto-attributes include="pk" mode="IN"/> </service> - <service name="createOrderBlacklist" default-entity-name="OrderBlacklist" engine="entity-auto" invoke="create" auth="true"> - <description>Create an OrderBlacklist record</description> + <service name="createOrderDenylist" default-entity-name="OrderDenylist" engine="entity-auto" invoke="create" auth="true"> + <description>Create an OrderDenylist record</description> <auto-attributes include="pk" mode="IN"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> - <service name="deleteOrderBlacklist" default-entity-name="OrderBlacklist" engine="entity-auto" invoke="delete" auth="true"> - <description>Delete an OrderBlacklist record</description> + <service name="deleteOrderDenylist" default-entity-name="OrderDenylist" engine="entity-auto" invoke="delete" auth="true"> + <description>Delete an OrderDenylist record</description> <auto-attributes include="pk" mode="IN"/> </service> - <service name="createOrderBlacklistType" default-entity-name="OrderBlacklistType" engine="entity-auto" invoke="create" auth="true"> - <description>Create an OrderBlacklistType record</description> + <service name="createOrderDenylistType" default-entity-name="OrderDenylistType" engine="entity-auto" invoke="create" auth="true"> + <description>Create an OrderDenylistType record</description> <auto-attributes include="pk" mode="INOUT" optional="true"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> - <service name="updateOrderBlacklistType" default-entity-name="OrderBlacklistType" engine="entity-auto" invoke="update" auth="true"> - <description>Update an OrderBlacklistType record</description> + <service name="updateOrderDenylistType" default-entity-name="OrderDenylistType" engine="entity-auto" invoke="update" auth="true"> + <description>Update an OrderDenylistType record</description> <auto-attributes 
include="pk" mode="IN"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> - <service name="deleteOrderBlacklistType" default-entity-name="OrderBlacklistType" engine="entity-auto" invoke="delete" auth="true"> - <description>Delete an OrderBlacklistType record</description> + <service name="deleteOrderDenylistType" default-entity-name="OrderDenylistType" engine="entity-auto" invoke="delete" auth="true"> + <description>Delete an OrderDenylistType record</description> <auto-attributes include="pk" mode="IN"/> </service> diff --git a/applications/order/servicedef/services_upgrade.xml b/applications/order/servicedef/services_upgrade.xml new file mode 100644 index 0000000..5123d29 --- /dev/null +++ b/applications/order/servicedef/services_upgrade.xml 
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<services xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/services.xsd">
+ <description>Order Component Services for upgrading data in existing DB</description>
+ <vendor>OFBiz</vendor>
+ <version>1.0</version>
+
+
+ <service name="migrateOldOrderBlacklistAndOldOrderBlacklistType" engine="groovy"
+ location="component://order/src/main/groovy/org/apache/ofbiz/order/OrderBlacklistServices.groovy" invoke="migrateOldOrderBlacklistAndOldOrderBlacklistType" auth="true">
+ <description>Migration service to convert entries from OldOrderBlacklist and OldOrderBlacklistType to respectively OrderDenylist and OrderDenylistType entities</description>
+ </service>
+</services>
diff --git a/applications/order/src/main/groovy/org/apache/ofbiz/order/OrderBlacklistServices.groovy b/applications/order/src/main/groovy/org/apache/ofbiz/order/OrderBlacklistServices.groovy
new file mode 100644
index 0000000..7d7252b
--- /dev/null
+++ b/applications/order/src/main/groovy/org/apache/ofbiz/order/OrderBlacklistServices.groovy
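Review bot: This service removes every row of the old denylist entities, yet the definition gates it only with `auth="true"`. No `permission-service` or `required-permissions` element is declared, so unless access is restricted elsewhere, any authenticated caller able to reach the service could run it. Consider adding a permission check, e.g. `<permission-service service-name="PERMISSION_SERVICE_PLACEHOLDER" main-action="UPDATE"/>`, using whichever order-manager permission service the project already defines. The `<description>` could also state that the service is destructive and is meant to run once during an upgrade.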
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License") you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.ofbiz.entity.GenericValue
+
+/*
+ * Migrate all elements present on OldOrderBlacklist and OldOrderBlacklistType to respectively OrderDenylist and OrderDenylistType entities
+ * Update service for Deprecate since: branch release
+ */
+def migrateOldOrderBlacklistAndOldOrderBlacklistType() {
+ List<GenericValue> oldOrderBlacklist = delegator.findAll("OldOrderBlacklist", false)
+ oldOrderBlacklist.each {
+ GenericValue OrderDenylist = makeValue("OrderDenylist")
+ OrderDenylist.blacklistString = it.blacklistString
+ OrderDenylist.orderBlacklistTypeId = it.orderBlacklistTypeId
+ OrderDenylist.create()
+ it.remove()
+ }
+
+ List<GenericValue> oldOrderBlacklistType = delegator.findAll("OldOrderBlacklistType", false)
+ oldOrderBlacklist.each {
+ GenericValue OrderDenylistType = makeValue("OrderDenylistType")
+ orderBlacklist.orderBlacklistTypeId = it.orderBlacklistTypeId
+ OrderDenylistType.description = it.description
+ OrderDenylistType.create()
+ it.remove()
+ }
+
+ return success()
+}
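Review bot: The migration writes to fields the new entities do not define and never migrates the type rows: `OrderDenylist.blacklistString` / `OrderDenylist.orderBlacklistTypeId` should be `denylistString` / `orderDenylistTypeId`, the second loop iterates `oldOrderBlacklist` instead of `oldOrderBlacklistType`, and it assigns to `orderBlacklist`, which is never declared. The type ids are also copied unchanged, while the seed data and the checkout lookup now use `DENYLIST_*`, so migrated fraud entries carrying `BLACKLIST_*` ids would not be matched even after a successful run. The rewrite below migrates types first, maps the renamed seed ids, and removes old type rows only after the entries that reference them. `createOrStore` is used because the `DENYLIST_*` seed rows may already exist.

```groovy
def migrateOldOrderBlacklistAndOldOrderBlacklistType() {
    // Types first, so the OrderDenylist rows created below have a type to reference.
    List<GenericValue> oldTypes = delegator.findAll("OldOrderBlacklistType", false)
    oldTypes.each {
        GenericValue denylistType = makeValue("OrderDenylistType")
        // Map seed ids to the renamed ones; custom ids pass through unchanged.
        denylistType.orderDenylistTypeId = it.orderBlacklistTypeId.replaceFirst('^BLACKLIST_', 'DENYLIST_')
        denylistType.description = it.description
        // The DENYLIST_* seed rows may already exist, so store rather than a bare create().
        delegator.createOrStore(denylistType)
    }

    List<GenericValue> oldEntries = delegator.findAll("OldOrderBlacklist", false)
    oldEntries.each {
        GenericValue denylistEntry = makeValue("OrderDenylist")
        denylistEntry.denylistString = it.blacklistString
        denylistEntry.orderDenylistTypeId = it.orderBlacklistTypeId.replaceFirst('^BLACKLIST_', 'DENYLIST_')
        delegator.createOrStore(denylistEntry)
        it.remove()
    }
    // Old type rows go last: OldOrderBlacklist rows reference them.
    oldTypes.each { it.remove() }

    return success()
}
```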
diff --git a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java index e56fef6..2671ea3 100644 --- a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java +++ b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutEvents.java @@ -634,14 +634,14 @@ public class CheckOutEvents { return (callResult.get(ModelService.RESPONSE_MESSAGE).equals(ModelService.RESPOND_SUCCESS)); } - public static String checkOrderBlacklist(HttpServletRequest request, HttpServletResponse response) { + public static String checkOrderDenylist(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); ShoppingCart cart = (ShoppingCart) session.getAttribute("shoppingCart"); Delegator delegator = (Delegator) request.getAttribute("delegator"); CheckOutHelper checkOutHelper = new CheckOutHelper(null, delegator, cart); String result; - Map<String, Object> callResult = checkOutHelper.checkOrderBlackList(); + Map<String, Object> callResult = checkOutHelper.checkOrderDenyList(); if (callResult.get(ModelService.RESPONSE_MESSAGE).equals(ModelService.RESPOND_ERROR)) { request.setAttribute("_ERROR_MESSAGE_", callResult.get(ModelService.ERROR_MESSAGE)); result = "error"; @@ -655,7 +655,7 @@ public class CheckOutEvents { return result; } - public static String failedBlacklistCheck(HttpServletRequest request, HttpServletResponse response) { + public static String failedDenylistCheck(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); ShoppingCart cart = (ShoppingCart) session.getAttribute("shoppingCart"); Delegator delegator = (Delegator) request.getAttribute("delegator"); 
@@ -668,7 +668,7 @@ public class CheckOutEvents { // Load the properties store GenericValue productStore = ProductStoreWorker.getProductStore(cart.getProductStoreId(), delegator); CheckOutHelper checkOutHelper = new CheckOutHelper(dispatcher, delegator, cart); - Map<String, Object> callResult = checkOutHelper.failedBlacklistCheck(userLogin, productStore); + Map<String, Object> callResult = checkOutHelper.failedDenylistCheck(userLogin, productStore); //Generate any messages required ServiceUtil.getMessages(request, callResult, null); diff --git a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutHelper.java b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutHelper.java index 75a3433..c031b07 100644 --- a/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutHelper.java +++ b/applications/order/src/main/java/org/apache/ofbiz/order/shoppingcart/CheckOutHelper.java @@ -1381,7 +1381,7 @@ public class CheckOutHelper { * Check order black list map. * @return the map */ - public Map<String, Object> checkOrderBlackList() { + public Map<String, Object> checkOrderDenyList() { if (cart == null) { return ServiceUtil.returnSuccess("success"); } 
@@ -1392,10 +1392,10 @@ public class CheckOutHelper { String shippingAddress = UtilFormatOut.checkNull(shippingAddressObj.getString("address1")).toUpperCase(Locale.getDefault()); shippingAddress = UtilFormatOut.makeSqlSafe(shippingAddress); List<EntityExpr> exprs = UtilMisc.toList(EntityCondition.makeCondition( - EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("blacklistString"), EntityOperator.EQUALS, + EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("denylistString"), EntityOperator.EQUALS, EntityFunction.UPPER(shippingAddress)), EntityOperator.AND, - EntityCondition.makeCondition("orderBlacklistTypeId", EntityOperator.EQUALS, "BLACKLIST_ADDRESS"))); + EntityCondition.makeCondition("orderDenylistTypeId", EntityOperator.EQUALS, "DENYLIST_ADDRESS"))); String errMsg = null; List<GenericValue> paymentMethods = this.cart.getPaymentMethods(); 
@@ -1416,55 +1416,55 @@ public class CheckOutHelper { if (creditCard != null) { String creditCardNumber = UtilFormatOut.checkNull(creditCard.getString("cardNumber")); exprs.add(EntityCondition.makeCondition( - EntityCondition.makeCondition("blacklistString", EntityOperator.EQUALS, creditCardNumber), EntityOperator.AND, - EntityCondition.makeCondition("orderBlacklistTypeId", EntityOperator.EQUALS, "BLACKLIST_CREDITCARD"))); + EntityCondition.makeCondition("denylistString", EntityOperator.EQUALS, creditCardNumber), EntityOperator.AND, + EntityCondition.makeCondition("orderDenylistTypeId", EntityOperator.EQUALS, "DENYLIST_CREDITCARD"))); } if (billingAddress != null) { String address = UtilFormatOut.checkNull(billingAddress.getString("address1").toUpperCase(Locale.getDefault())); address = UtilFormatOut.makeSqlSafe(address); exprs.add(EntityCondition.makeCondition( - EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("blacklistString"), EntityOperator.EQUALS, + EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("denylistString"), EntityOperator.EQUALS, EntityFunction.UPPER(address)), EntityOperator.AND, - EntityCondition.makeCondition("orderBlacklistTypeId", EntityOperator.EQUALS, "BLACKLIST_ADDRESS"))); + EntityCondition.makeCondition("orderDenylistTypeId", EntityOperator.EQUALS, "DENYLIST_ADDRESS"))); } } } - List<GenericValue> blacklistFound = null; + List<GenericValue> denylistFound = null; if (!exprs.isEmpty()) { try { - blacklistFound = EntityQuery.use(this.delegator).from("OrderBlacklist").where(exprs).queryList(); + denylistFound = EntityQuery.use(this.delegator).from("OrderDenylist").where(exprs).queryList(); } catch (GenericEntityException e) { - Debug.logError(e, "Problems with OrderBlacklist lookup.", MODULE); + Debug.logError(e, "Problems with OrderDenylist lookup.", MODULE); errMsg = UtilProperties.getMessage(RES_ERROR, "checkhelper.problems_reading_database", cart.getLocale()); return ServiceUtil.returnError(errMsg); } } - if 
(UtilValidate.isNotEmpty(blacklistFound)) { + if (UtilValidate.isNotEmpty(denylistFound)) { return ServiceUtil.returnFailure(UtilProperties.getMessage(RES_ERROR, "OrderFailed", cart.getLocale())); } return ServiceUtil.returnSuccess("success"); } /** - * Check order blacklist map. + * Check order denylist map. * @param userLogin the user login * @return the map */ @Deprecated - public Map<String, Object> checkOrderBlacklist(GenericValue userLogin) { - return checkOrderBlackList(); + public Map<String, Object> checkOrderDenylist(GenericValue userLogin) { + return checkOrderDenyList(); } /** - * Failed blacklist check map. + * Failed denylist check map. * @param userLogin the user login * @param productStore the product store * @return the map */ - public Map<String, Object> failedBlacklistCheck(GenericValue userLogin, GenericValue productStore) { + public Map<String, Object> failedDenylistCheck(GenericValue userLogin, GenericValue productStore) { Map<String, Object> result; String errMsg = null; String rejectMessage = productStore.getString("authFraudMessage"); diff --git a/applications/order/webapp/ordermgr/WEB-INF/controller.xml b/applications/order/webapp/ordermgr/WEB-INF/controller.xml index f8cc97a..df18ed1 100644 --- a/applications/order/webapp/ordermgr/WEB-INF/controller.xml +++ b/applications/order/webapp/ordermgr/WEB-INF/controller.xml 
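Review bot: The lookup in this hunk now reads only `OrderDenylist` and matches `DENYLIST_ADDRESS` / `DENYLIST_CREDITCARD`, so on an upgraded database whose entries still sit in the renamed `OldOrderBlacklist` entity the check finds nothing and returns success until the migration service has been run. Because the check fails open, it deserves a comment at the query, e.g. `// Reads OrderDenylist only; OldOrderBlacklist rows are ignored until migrateOldOrderBlacklistAndOldOrderBlacklistType has run`, plus an upgrade note for operators. The `@Deprecated` overload is also renamed to `checkOrderDenylist(GenericValue)`, so it no longer preserves the `checkOrderBlacklist(GenericValue)` entry point it presumably existed for; keeping the old name as the deprecated delegate would avoid breaking callers. The method body starts in the earlier `@@ -1381,7` hunk.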
@@ -996,21 +996,21 @@ under the License. <request-map uri="processorder"> <security https="true" auth="true"/> <event type="java" path="org.apache.ofbiz.order.shoppingcart.CheckOutEvents" invoke="createOrder"/> - <response name="sales_order" type="request" value="checkBlackList"/> - <response name="work_order" type="request" value="checkBlackList"/> + <response name="sales_order" type="request" value="checkDenyList"/> + <response name="work_order" type="request" value="checkDenyList"/> <response name="purchase_order" type="request" value="clearpocart"/> <response name="error" type="view" value="confirm"/> </request-map> - <request-map uri="checkBlackList"> + <request-map uri="checkDenyList"> <security direct-request="false"/> - <event type="java" path="org.apache.ofbiz.order.shoppingcart.CheckOutEvents" invoke="checkOrderBlacklist"/> + <event type="java" path="org.apache.ofbiz.order.shoppingcart.CheckOutEvents" invoke="checkOrderDenylist"/> <response name="success" type="request" value="processpayment"/> - <response name="failed" type="request" value="failedBlacklist"/> + <response name="failed" type="request" value="failedDenylist"/> <response name="error" type="view" value="confirm"/> </request-map> - <request-map uri="failedBlacklist"> + <request-map uri="failedDenylist"> <security direct-request="false"/> - <event type="java" path="org.apache.ofbiz.order.shoppingcart.CheckOutEvents" invoke="failedBlacklistCheck"/> + <event type="java" path="org.apache.ofbiz.order.shoppingcart.CheckOutEvents" invoke="failedDenylistCheck"/> <response name="success" type="view" value="main"/> <response name="error" type="view" value="main"/> </request-map> diff --git a/framework/base/config/SafeObjectInputStream.properties b/framework/base/config/SafeObjectInputStream.properties index 548eab7..ca6c829 100644 --- a/framework/base/config/SafeObjectInputStream.properties +++ b/framework/base/config/SafeObjectInputStream.properties 
@@ -18,7 +18,7 @@ ############################################################################### # Because of OFBIZ-10837 - Improve ObjectInputStream class. -# If you encounter a related issue (object not in the whitelist), +# If you encounter a related issue (object not in the allowlist), # you must provide a complete list of objects to pass to ObjectInputStream # through ListOfSafeObjectsForInputStream property # As an example, the a complete list of objects used by OFBiz OOTB is here. diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java index c18708c..e846081 100644 --- a/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java +++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/SafeObjectInputStream.java @@ -36,14 +36,14 @@ import java.util.regex.Pattern; * only authorized class can be read from it. */ public final class SafeObjectInputStream extends ObjectInputStream { - private static final String[] DEFAULT_WHITELIST_PATTERN = { + private static final String[] DEFAULT_ALLOWLIST_PATTERN = { "byte\\[\\]", "foo", "SerializationInjector", "\\[Z", "\\[B", "\\[S", "\\[I", "\\[J", "\\[F", "\\[D", "\\[C", "java..*", "sun.util.calendar..*", "org.apache.ofbiz..*", "org.codehaus.groovy.runtime.GStringImpl", "groovy.lang.GString"}; /** The regular expression used to match serialized types. */ - private final Pattern whitelistPattern; + private final Pattern allowlistPattern; /** * Instantiates a safe object input stream. 
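Review bot: The entries of `DEFAULT_ALLOWLIST_PATTERN` are regex fragments that end up matched unanchored: `java..*` and `org.apache.ofbiz..*` leave their dots unescaped, and `foo` / `SerializationInjector` look like test fixtures rather than production types. Together with `allowlistPattern.matcher(className).find()` in the later `@@ -71,7` hunk, any class name that merely contains one of these fragments is accepted, which is much wider than the package prefixes suggest. Since these lines are being touched anyway, consider `if (!allowlistPattern.matcher(className).matches()) {` with escaped entries such as `"java\\..*"`, and moving the fixture names to test configuration. The class body continues outside this hunk.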
@@ -53,8 +53,8 @@ public final class SafeObjectInputStream extends ObjectInputStream { public SafeObjectInputStream(InputStream in) throws IOException { super(in); String safeObjectsProp = getPropertyValue("SafeObjectInputStream", "ListOfSafeObjectsForInputStream", ""); - String[] whitelist = safeObjectsProp.isEmpty() ? DEFAULT_WHITELIST_PATTERN : safeObjectsProp.split(","); - whitelistPattern = Arrays.stream(whitelist) + String[] allowlist = safeObjectsProp.isEmpty() ? DEFAULT_ALLOWLIST_PATTERN : safeObjectsProp.split(","); + allowlistPattern = Arrays.stream(allowlist) .map(String::trim) .filter(str -> !str.isEmpty()) .collect(collectingAndThen(joining("|", "(", ")"), Pattern::compile)); @@ -63,7 +63,7 @@ public final class SafeObjectInputStream extends ObjectInputStream { @Override protected Class<?> resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException { String className = classDesc.getName(); - // BlackList exploits; eg: don't allow RMI here + // DenyList exploits; eg: don't allow RMI here if (className.contains("java.rmi.server")) { Debug.logWarning("***Incompatible class***: " + classDesc.getName() @@ -71,7 +71,7 @@ public final class SafeObjectInputStream extends ObjectInputStream { "SafeObjectInputStream"); return null; } - if (!whitelistPattern.matcher(className).find()) { + if (!allowlistPattern.matcher(className).find()) { // DiskFileItem, FileItemHeadersImpl are not serializable. if (className.contains("org.apache.commons.fileupload")) { return null; diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java index a6d8e96..bf9551f 100644 --- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java +++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java 
@@ -38,7 +38,7 @@ import org.apache.logging.log4j.ThreadContext; import org.apache.ofbiz.base.util.Debug; /** - * A Filter used to specify a whitelist of allowed paths to the OFBiz application. + * A Filter used to specify an allowlist of allowed paths to the OFBiz application. * Requests that do not match any of the paths listed in allowedPaths are redirected to redirectPath, or an error code * is returned (the error code can be set in errorCode, the default value is 403). * If forceRedirectAll is set to Y then allowedPaths is ignored and all requests are redirected to redirectPath; note @@ -58,7 +58,7 @@ import org.apache.ofbiz.base.util.Debug; * - for its internal logic (to avoid an infinite loop of redirections when forceRedirectAll is set) the filter sets * a session parameter (_FORCE_REDIRECT_=true) before the first redirection; the parameter is removed during the * second pass before the request is forwarded to the next filter in the chain - * - the filter skips the check against the whitelist of allowed paths if a request attribute + * - the filter skips the check against the allowlist of allowed paths if a request attribute * with name _FORWARDED_FROM_SERVLET_ is present; this attribute is typically set by the ControlServlet to indicate * that the request path is safe and should not be checked again */ |