Author: adityasharma
Date: Sat Jul 27 12:30:49 2019 New Revision: 1863853 URL: http://svn.apache.org/viewvc?rev=1863853&view=rev Log: Applied fix from trunk for revision: 1863838 === Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-10678) 1. For solving CVE-2019-11358, upgraded jQuery to 3.4.1 2. Replaced library Fancybox with Featherlight. Added custom css so that cursor for links becomes pointer Thanks Jacques Le Roux for the reviews Added: ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/jquery-3.4.1.js (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/jquery-3.4.1.min.js (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/ ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.css (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.js (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.min.css (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight-1.7.13.min.js (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.css (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.js (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.css (with props) ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/featherlight/featherlight.gallery-1.7.13.min.js (with props) Removed: 
ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/jquery-3.2.1.js ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/jquery-3.2.1.min.js ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/jquery/plugins/fancybox/ Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/bluelight/webapp/bluelight/style.css ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/ListVisualThemes.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/Lookup.ftl ofbiz/ofbiz-framework/branches/release17.12/themes/common/widget/CommonScreens.xml ofbiz/ofbiz-framework/branches/release17.12/themes/common/widget/Theme.xml ofbiz/ofbiz-framework/branches/release17.12/themes/flatgrey/webapp/flatgrey/style.css ofbiz/ofbiz-framework/branches/release17.12/themes/rainbowstone/webapp/rainbowstone/style.css ofbiz/ofbiz-framework/branches/release17.12/themes/tomahawk/webapp/tomahawk/css/style.css Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/bluelight/webapp/bluelight/style.css URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/bluelight/webapp/bluelight/style.css?rev=1863853&r1=1863852&r2=1863853&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/bluelight/webapp/bluelight/style.css (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/bluelight/webapp/bluelight/style.css Sat Jul 27 12:30:49 2019 
@@ -4062,3 +4062,7 @@ html > /**/ body .jstree-default a { white-space: normal; height: auto; } +/* The custom CSS to show mouse pointer on links using featherlight plugin */ +a[data-featherlight] { + cursor: pointer; +} \ No newline at end of file Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/ListVisualThemes.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/ListVisualThemes.ftl?rev=1863853&r1=1863852&r2=1863853&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/ListVisualThemes.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/ListVisualThemes.ftl Sat Jul 27 12:30:49 2019 @@ -24,25 +24,6 @@ margin: 1em; </style> --> -<script type="text/javascript" src="/common/js/jquery/plugins/fancybox/jquery.fancybox-3.2.3.min.js"></script> -<link rel="stylesheet" href="/common/js/jquery/plugins/fancybox/jquery.fancybox-3.2.3.min.css" type="text/css" media="screen"/> - -<script type="text/javascript"> - $(document).ready(function () { - $("a#single_image").fancybox(); - $("a#inline").fancybox({ - 'hideOnContentClick': true - }); - $("a.group").fancybox({ - 'transitionIn': 'elastic', - 'transitionOut': 'elastic', - 'speedIn': 600, - 'speedOut': 200, - 'overlayShow': false - }); - }); -</script> - <div class="screenlet" style="margin: 1em;"> <div class="screenlet-title-bar"> <ul> 
@@ -75,7 +56,7 @@ margin: 1em; <td> <#if visualTheme.getScreenshots()?has_content> <#list visualTheme.getScreenshots() as screenshot> - <a id="single_image" href="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>"><img + <a data-featherlight="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>"><img src="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>" width="150" alt=""/></a> </#list> Modified: ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/Lookup.ftl URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/Lookup.ftl?rev=1863853&r1=1863852&r2=1863853&view=diff ============================================================================== --- ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/Lookup.ftl (original) +++ ofbiz/ofbiz-framework/branches/release17.12/themes/common/template/includes/Lookup.ftl Sat Jul 27 12:30:49 2019 @@ -34,7 +34,7 @@ under the License. if (typeof(jQuery) == 'undefined') { if (!jQueryLibLoaded) { jQueryLibLoaded = true; - document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/common/js/jquery/jquery-3.2.1.min.js</@ofbizContentUrl>\"></scr" + "ipt>"); + document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/common/js/jquery/jquery-3.4.1.min.js</@ofbizContentUrl>\"></scr" + "ipt>"); document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/common/js/jquery/jquery-migrate-3.0.0.min.js</@ofbizContentUrl>\"></scr" + "ipt>"); document.write("<scr" + "ipt type=\"text/javascript\" src=\"<@ofbizContentUrl>/common/js/jquery/plugins/browser-plugin/jquery.browser-0.1.0.min.js</@ofbizContentUrl>\"></scr" + "ipt>"); } |
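Review bot: In ListVisualThemes.ftl the screenshot anchor loses its `href` and carries the URL only in `data-featherlight`, so Featherlight has to infer the content type from the URL string, and the link does nothing without JavaScript or from the keyboard. As far as I know Featherlight treats the value as an image only when it matches its image-extension pattern and otherwise falls through to other handlers, including fetching the URL and inserting the response as markup; that is worth ruling out even if the `getScreenshots()` values come from trusted theme configuration (not visible in this hunk). Keeping the link and pinning the type covers both, using Featherlight's documented form: `<a href="<@ofbizContentUrl>${screenshot}</@ofbizContentUrl>" data-featherlight="image"><img`. With a real `href` on the anchor, the `a[data-featherlight] { cursor: pointer; }` rule this commit adds to the theme stylesheets would no longer be needed.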