Author: jleroux
Date: Sat Jan 11 20:30:34 2014 New Revision: 1557464 URL: http://svn.apache.org/r1557464 Log: "Applied fix from trunk for revision: 1557462 " ------------------------------------------------------------------------ r1557462 | jleroux | 2014-01-11 21:26:30 +0100 (sam. 11 janv. 2014) | 4 lignes A modified patch from Gareth Carter for "JSON Response does not set http status on error" https://issues.apache.org/jira/browse/OFBIZ-5409 This is rather a defensive patch which secure json response on services calls. It might need some changes in custom code if (not recommended) an Ajax GET response is used... The util.js scrpt is introduced for that, though normally should not be needed... ------------------------------------------------------------------------ Added: ofbiz/branches/release12.04/framework/images/webapp/images/util.js - copied unchanged from r1557462, ofbiz/trunk/framework/images/webapp/images/util.js Modified: ofbiz/branches/release12.04/ (props changed) ofbiz/branches/release12.04/framework/common/webcommon/WEB-INF/common-controller.xml ofbiz/branches/release12.04/framework/common/widget/CommonScreens.xml ofbiz/branches/release12.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml ofbiz/branches/release12.04/specialpurpose/webpos/webapp/webpos/WEB-INF/controller.xml Propchange: ofbiz/branches/release12.04/ ------------------------------------------------------------------------------ Merged /ofbiz/trunk:r1557462 Modified: ofbiz/branches/release12.04/framework/common/webcommon/WEB-INF/common-controller.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/framework/common/webcommon/WEB-INF/common-controller.xml?rev=1557464&r1=1557463&r2=1557464&view=diff ============================================================================== --- ofbiz/branches/release12.04/framework/common/webcommon/WEB-INF/common-controller.xml (original) +++ ofbiz/branches/release12.04/framework/common/webcommon/WEB-INF/common-controller.xml Sat Jan 11 
20:30:34 2014 @@ -179,7 +179,7 @@ under the License. </request-map> <!-- Common json reponse events, chain these after events to send json reponses --> - <!-- Standard json response, uses all compatible request attributes --> + <!-- Standard json response, For security reason (OFBIZ-5409) tries to keep only the initially called service attributes --> <request-map uri="json"> <security direct-request="false"/> <event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributes"/> Modified: ofbiz/branches/release12.04/framework/common/widget/CommonScreens.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/framework/common/widget/CommonScreens.xml?rev=1557464&r1=1557463&r2=1557464&view=diff ============================================================================== --- ofbiz/branches/release12.04/framework/common/widget/CommonScreens.xml (original) +++ ofbiz/branches/release12.04/framework/common/widget/CommonScreens.xml Sat Jan 11 20:30:34 2014 
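Review bot: The new comment on the `json` request-map states a security property that nothing in this file enforces; any filtering has to live in `CommonEvents.jsonResponseFromRequestAttributes`, and no change to that class is listed among the paths modified in this revision as shown on this page. Before relying on the comment, confirm that release12.04 carries the corresponding Java change, otherwise the comment documents a protection the branch may not have. The wording "tries to keep" also does not tell a maintainer which request attributes can still end up in the response; once verified, something like `<!-- Standard json response. For security reasons (OFBIZ-5409) only the attributes of the initially called service are returned; see CommonEvents.jsonResponseFromRequestAttributes -->` would be clearer. The same comment change is repeated in the ecommerce and webpos controller.xml hunks, so the point applies there as well.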
@@ -161,6 +161,7 @@ under the License. <set field="layoutSettings.javaScripts[]" value="/images/GooglemapMarkers.js" global="true" /> <set field="layoutSettings.javaScripts[]" value="/images/getDependentDropdownValues.js" global="true" /> <set field="layoutSettings.javaScripts[]" value="/images/selectMultipleRelatedValues.js" global="true" /> + <set field="layoutSettings.javaScripts[]" value="/images/util.js" global="true" /> <set field="visualThemeId" from-field="userPreferences.VISUAL_THEME" global="true" /> <service service-name="getVisualThemeResources"> <field-map field-name="visualThemeId" /> Modified: ofbiz/branches/release12.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml?rev=1557464&r1=1557463&r2=1557464&view=diff ============================================================================== --- ofbiz/branches/release12.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml (original) +++ ofbiz/branches/release12.04/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml Sat Jan 11 20:30:34 2014 
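Review bot: The added `/images/util.js` entry goes into the global `layoutSettings.javaScripts[]` list, so every screen that uses this decorator loads it, while the commit log says the script should normally not be needed and exists only for Ajax GET JSON responses. Its contents are not part of this diff (it is copied unchanged from trunk), so what it does to JSON responses cannot be checked from this page and is worth reading before it ships on all pages. At minimum the line should carry a comment saying why it is there, e.g. `<!-- util.js: client-side handling of JSON responses to Ajax GET requests, see OFBIZ-5409 -->`. If only a few screens issue such requests, including the script there would keep it off the others. The enclosing block starts and ends outside the hunk.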
@@ -158,7 +158,7 @@ under the License. </request-map> <!-- Common json reponse events, chain these after events to send json reponses --> - <!-- Standard json response, uses all compatible request attributes --> + <!-- Standard json response, For security reason (OFBIZ-5409) tries to keep only the initially called service attributes --> <request-map uri="json"> <security direct-request="false"/> <event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributes"/> Modified: ofbiz/branches/release12.04/specialpurpose/webpos/webapp/webpos/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/specialpurpose/webpos/webapp/webpos/WEB-INF/controller.xml?rev=1557464&r1=1557463&r2=1557464&view=diff ============================================================================== --- ofbiz/branches/release12.04/specialpurpose/webpos/webapp/webpos/WEB-INF/controller.xml (original) +++ ofbiz/branches/release12.04/specialpurpose/webpos/webapp/webpos/WEB-INF/controller.xml Sat Jan 11 20:30:34 2014 @@ -95,7 +95,7 @@ <!-- End of Security Mappings --> <!-- Common json reponse events, chain these after events to send json reponses --> - <!-- Standard json response, uses all compatible request attributes --> + <!-- Standard json response, For security reason (OFBIZ-5409) tries to keep only the initially called service attributes --> <request-map uri="json"> <security direct-request="false"/> <event type="java" path="org.ofbiz.common.CommonEvents" invoke="jsonResponseFromRequestAttributes"/> |