Author: adityasharma
Date: Tue Jun 18 10:09:00 2019 New Revision: 1861566 URL: http://svn.apache.org/viewvc?rev=1861566&view=rev Log: Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-10678) 1. For solving CVE-2015-9251 and CVE-2019-11358, upgraded jQuery to 3.4.1 and jQuery migrate to 3.0.0 2. Replaced broken library Fancybox with Featherlight. Added custom css so that cursor for links becomes pointer Added: ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-3.4.1.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-3.4.1.min.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-migrate-3.0.0.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-migrate-3.0.0.min.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/browser-plugin/ ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/browser-plugin/jquery.browser-0.1.0.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/browser-plugin/jquery.browser-0.1.0.min.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/ ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight-1.7.13.css (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight-1.7.13.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight-1.7.13.min.css (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight-1.7.13.min.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight.gallery-1.7.13.css (with props) 
ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight.gallery-1.7.13.js (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.css (with props) ofbiz/branches/release16.11/framework/images/webapp/images/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.js (with props) Removed: ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-1.11.0.js ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-1.11.0.min.js ofbiz/branches/release16.11/framework/images/webapp/images/jquery/jquery-migrate-1.2.1.js Modified: ofbiz/branches/release16.11/framework/common/template/includes/ListVisualThemes.ftl ofbiz/branches/release16.11/framework/common/template/includes/Lookup.ftl ofbiz/branches/release16.11/framework/common/widget/CommonScreens.xml ofbiz/branches/release16.11/framework/common/widget/LookupScreens.xml ofbiz/branches/release16.11/specialpurpose/ecommerce/widget/CommonScreens.xml ofbiz/branches/release16.11/themes/bluelight/data/BlueLightThemeData.xml ofbiz/branches/release16.11/themes/bluelight/webapp/bluelight/style.css ofbiz/branches/release16.11/themes/flatgrey/data/FlatGreyThemeData.xml ofbiz/branches/release16.11/themes/flatgrey/webapp/flatgrey/style.css ofbiz/branches/release16.11/themes/rainbowstone/data/RainbowStoneThemeData.xml ofbiz/branches/release16.11/themes/rainbowstone/webapp/rainbowstone/style.css ofbiz/branches/release16.11/themes/tomahawk/data/TomahawkThemeData.xml ofbiz/branches/release16.11/themes/tomahawk/webapp/tomahawk/css/style.css
Modified: ofbiz/branches/release16.11/framework/common/template/includes/ListVisualThemes.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/template/includes/ListVisualThemes.ftl?rev=1861566&r1=1861565&r2=1861566&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/template/includes/ListVisualThemes.ftl (original)
+++ ofbiz/branches/release16.11/framework/common/template/includes/ListVisualThemes.ftl Tue Jun 18 10:09:00 2019
@@ -24,25 +24,6 @@ margin: 1em;
</style>
-->
-<script type="text/javascript" src="/images/jquery/plugins/fancybox/jquery.fancybox-1.3.4.pack.js"></script>
-<link rel="stylesheet" href="/images/jquery/plugins/fancybox/jquery.fancybox-1.3.4.css" type="text/css" media="screen"/>
-
-<script type="text/javascript">
- $(document).ready(function () {
- $("a#single_image").fancybox();
- $("a#inline").fancybox({
- 'hideOnContentClick': true
- });
- $("a.group").fancybox({
- 'transitionIn': 'elastic',
- 'transitionOut': 'elastic',
- 'speedIn': 600,
- 'speedOut': 200,
- 'overlayShow': false
- });
- });
-</script>
-
<div class="screenlet" style="margin: 1em;">
<div class="screenlet-title-bar">
<ul>
@@ -77,7 +58,7 @@ margin: 1em;
<td>
<#if screenshots?has_content>
<#list screenshots as screenshot>
- <a id="single_image" href="<@ofbizContentUrl>${screenshot.resourceValue}</@ofbizContentUrl>"><img
+ <a data-featherlight="<@ofbizContentUrl>${screenshot.resourceValue}</@ofbizContentUrl>"><img
src="<@ofbizContentUrl>${screenshot.resourceValue}</@ofbizContentUrl>"
width="150" alt=""/></a>
</#list>
Modified: ofbiz/branches/release16.11/framework/common/template/includes/Lookup.ftl
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/template/includes/Lookup.ftl?rev=1861566&r1=1861565&r2=1861566&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/template/includes/Lookup.ftl (original)
+++ ofbiz/branches/release16.11/framework/common/template/includes/Lookup.ftl Tue Jun 18 10:09:00 2019
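Review bot: The new anchor in the second hunk, `<a data-featherlight="…"><img`, drops the `href` that the removed `a#single_image` carried, so the screenshot link is no longer in the keyboard tab order and, when Featherlight is not loaded or scripting is off, leads nowhere; the theme CSS added to make the cursor a pointer (mentioned in the log message) is a symptom of that missing `href`. Featherlight treats a type keyword in `data-featherlight` as an instruction to take the target from `href`, so `<a href="<@ofbizContentUrl>${screenshot.resourceValue}</@ofbizContentUrl>" data-featherlight="image"><img` keeps a working fallback and focusability while still opening the lightbox. With no link text, the anchor's accessible name comes only from the image, and the unchanged `alt=""` on the next line leaves it empty — it should describe the screenshot (the theme name, if the surrounding row has it). Not reintroducing the per-item `id="single_image"` inside the `<#list>` is right, since it produced duplicate ids.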
@@ -34,8 +34,9 @@ under the License.
if (typeof(jQuery) == 'undefined') {
if (!jQueryLibLoaded) {
jQueryLibLoaded = true;
- document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/images/jquery/jquery-1.11.0.min.js</@ofbizContentUrl>\"></scr" + "ipt>");
- document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/images/jquery/jquery-migrate-1.2.1.js</@ofbizContentUrl>\"></scr" + "ipt>");
+ document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/images/jquery/jquery-3.4.1.min.js</@ofbizContentUrl>\"></scr" + "ipt>");
+ document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/images/jquery/jquery-migrate-3.0.0.min.js</@ofbizContentUrl>\"></scr" + "ipt>");
+ document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/images/jquery/plugins/browser-plugin/jquery.browser-0.1.0.min.js</@ofbizContentUrl>\"></scr" + "ipt>");
}
setTimeout("initJQuery()", 50);
}
Modified: ofbiz/branches/release16.11/framework/common/widget/CommonScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/widget/CommonScreens.xml?rev=1861566&r1=1861565&r2=1861566&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/widget/CommonScreens.xml (original)
+++ ofbiz/branches/release16.11/framework/common/widget/CommonScreens.xml Tue Jun 18 10:09:00 2019
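Review bot: The second added `document.write` loads `jquery-migrate-3.0.0.min.js`, and the minified Migrate build is its production build, which restores removed 1.x APIs silently instead of logging the JQMIGRATE warnings, so nothing tells a developer which lookup or theme code still depends on pre-3.0 behaviour; the un-minified `jquery-migrate-3.0.0.js` that this commit also adds would surface them, and the `CommonScreens.xml` hunk makes the same choice. The surrounding retry code keeps `setTimeout("initJQuery()", 50);`, which hands the browser a string to evaluate and is blocked under a CSP without `unsafe-eval`; `setTimeout(initJQuery, 50);` behaves the same without that. That retry has no upper bound, so a deployment that still serves only the old 1.11.0 file names would re-enter the function every 50 ms forever rather than fail visibly; a bounded attempt counter would turn that into a reportable error. The enclosing function (presumably `initJQuery`, which the timeout re-enters) starts and ends outside the hunk.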
@@ -462,8 +462,9 @@ under the License.
<set field="layoutSettings.javaScripts[+0]" value="/images/jquery/plugins/jeditable/jquery.jeditable.js" global="true"/>
<set field="layoutSettings.javaScripts[+0]" value="/images/jquery/plugins/fjTimer/jquerytimer-min.js" global="true"/>
<set field="layoutSettings.javaScripts[+0]" value="/images/jquery/plugins/validate/jquery.validate.min.js" global="true"/>
- <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/jquery-migrate-1.2.1.js" global="true"/>
- <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/jquery-1.11.0.min.js" global="true"/>
+ <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/plugins/browser-plugin/jquery.browser-0.1.0.min.js" global="true"/>
+ <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/jquery-migrate-3.0.0.min.js" global="true"/>
+ <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/jquery-3.4.1.min.js" global="true"/>
<!-- jQuery CSSs -->
<set field="layoutSettings.styleSheets[+0]" value="/images/jquery/plugins/asmselect/jquery.asmselect-1.0.4a-beta.css" global="true"/>
Modified: ofbiz/branches/release16.11/framework/common/widget/LookupScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/common/widget/LookupScreens.xml?rev=1861566&r1=1861565&r2=1861566&view=diff
==============================================================================
--- ofbiz/branches/release16.11/framework/common/widget/LookupScreens.xml (original)
+++ ofbiz/branches/release16.11/framework/common/widget/LookupScreens.xml Tue Jun 18 10:09:00 2019
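Review bot: The new `jquery.browser-0.1.0.min.js` entry is undocumented: nothing in the hunk says why a user-agent-sniffing plugin joins the global script list as part of a jQuery 3.4.1 upgrade, presumably because `$.browser` was removed from jQuery core and jQuery Migrate 3 no longer supplies it. A comment above the three new `<set>` lines, such as `<!-- jquery.browser restores $.browser for callers not yet migrated; drop it together with jquery-migrate once no screen needs them -->`, records that intent and gives a later maintainer a reason to remove both shims rather than keep them forever. Because every entry uses `[+0]`, the emitted order is the reverse of the source order — `jquery-3.4.1.min.js`, then Migrate, then the browser plugin, then the other plugins — which is what the dependencies need here, but a one-line comment stating that prepend order would stop someone from inserting a plugin above the jQuery lines and breaking it silently.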
@@ -172,6 +172,8 @@ under the License.
<set field="parameters.presentation" value="window"/>
<entity-one entity-name="WebSite" value-field="webSite"/>
<set field="visualThemeSetId" from-field="webSite.visualThemeSetId" default-value="BACKOFFICE" />
+ <set field="layoutSettings.styleSheets[]" value="/images/jquery/plugins/featherlight/featherlight-1.7.13.min.css" global="true"/>
+ <set field="layoutSettings.javaScripts[+0]" value="/images/jquery/plugins/featherlight/featherlight-1.7.13.min.js" global="true"/>
<entity-condition entity-name="VisualTheme" list="visualThemes">
<condition-expr field-name="visualThemeSetId" from-field="visualThemeSetId" />
</entity-condition>
|
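Review bot: The two added `<set>` lines use different list operators — the stylesheet is appended with `styleSheets[]` while the script is prepended with `javaScripts[+0]` — and the prepend places `featherlight-1.7.13.min.js` ahead of every script already collected for this screen, including jQuery if the global jQuery entries have been added by the time these actions run, in which case Featherlight would execute before `jQuery` exists. Whether that ordering occurs depends on how this screen's actions are reached, which the hunk does not show, so it needs checking; unless jQuery is guaranteed to be prepended afterwards, `<set field="layoutSettings.javaScripts[]" value="/images/jquery/plugins/featherlight/featherlight-1.7.13.min.js" global="true"/>` is the safe form and is consistent with the stylesheet line. Both lines also carry `global="true"`, so the lightbox assets become part of `layoutSettings` for anything rendered later in the same request, not just this lookup; if that is intended, a short comment saying so would help. The screen element these actions belong to starts and ends outside the hunk.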