OFBiz › OFBiz - Commits

svn commit: r659658 - in /ofbiz/trunk/framework: common/widget/ example/webapp/example/WEB-INF/ example/webapp/example/WEB-INF/actions/ example/webapp/example/WEB-INF/actions/includes/ example/widget/example/

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jacopoc

svn commit: r659658 - in /ofbiz/trunk/framework: common/widget/ example/webapp/example/WEB-INF/ example/webapp/example/WEB-INF/actions/ example/webapp/example/WEB-INF/actions/includes/ example/widget/example/

Author: jacopoc
Date: Fri May 23 13:57:27 2008
New Revision: 659658

URL: http://svn.apache.org/viewvc?rev=659658&view=rev
Log:
Fix for security hole I have introduced while working on the Ajax autocompleter fields.
This is a temporary approach that can be improved.

Added:
ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/
ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/
ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh (with props)
Modified:
ofbiz/trunk/framework/common/widget/CommonScreens.xml
ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml
ofbiz/trunk/framework/example/widget/example/ExampleForms.xml

Modified: ofbiz/trunk/framework/common/widget/CommonScreens.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/widget/CommonScreens.xml?rev=659658&r1=659657&r2=659658&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/widget/CommonScreens.xml (original)
+++ ofbiz/trunk/framework/common/widget/CommonScreens.xml Fri May 23 13:57:27 2008
@@ -93,11 +93,15 @@
<screen name="ajaxAutocompleteOptions">
<section>
<actions>
+ <set field="autocompleteOptions" from-field="parameters.autocompleteOptions"/>
+ 
</actions>
<widgets>
<platform-specific><html><html-template location="component://common/webcommon/includes/ajaxAutocompleteOptions.ftl"/></html></platform-specific>

Added: ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh?rev=659658&view=auto
==============================================================================
--- ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh (added)
+++ ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh Fri May 23 13:57:27 2008
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.TreeSet;
+import javolution.util.FastList;
+import org.ofbiz.entity.condition.EntityConditionList;
+import org.ofbiz.entity.condition.EntityExpr;
+import org.ofbiz.entity.condition.EntityFieldValue;
+import org.ofbiz.entity.condition.EntityFunction;
+import org.ofbiz.entity.condition.EntityOperator;
+import org.ofbiz.base.util.UtilMisc;
+import org.ofbiz.base.util.UtilValidate;
+
+delegator = request.getAttribute("delegator");
+
+andExprs = FastList.newInstance();
+fieldValue = request.getParameter("exampleFeatureId");
+if (UtilValidate.isNotEmpty(fieldValue)) {
+ andExprs.add(new EntityExpr(new EntityFunction.UPPER(new EntityFieldValue("exampleFeatureId")),
+ EntityOperator.LIKE, "%" + fieldValue.toUpperCase() + "%"));
+}
+
+List autocompleteOptions = null;
+if (andExprs.size() > 0) {
+ entityConditionList = new EntityConditionList(andExprs, EntityOperator.AND);
+ autocompleteOptions = delegator.findList("ExampleFeature", entityConditionList, new TreeSet(UtilMisc.toList("exampleFeatureId", "description")), UtilMisc.toList("-exampleFeatureId"), null, false);
+ //context.put("autocompleteOptions", autocompleteOptions);
+ request.setAttribute("autocompleteOptions", autocompleteOptions);
+}
+return "success";
\ No newline at end of file

Propchange: ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh
------------------------------------------------------------------------------
svn:eol-style = native

Propchange: ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh
------------------------------------------------------------------------------
svn:keywords = Date Rev Author URL Id

Propchange: ofbiz/trunk/framework/example/webapp/example/WEB-INF/actions/includes/findExampleFeatures.bsh
------------------------------------------------------------------------------
svn:mime-type = text/plain

Modified: ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml?rev=659658&r1=659657&r2=659658&view=diff
==============================================================================
--- ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml (original)
+++ ofbiz/trunk/framework/example/webapp/example/WEB-INF/controller.xml Fri May 23 13:57:27 2008
@@ -28,6 +28,8 @@
<description>Example Component Site Configuration File</description>
<owner>Copyright 2001-2008 The Apache Software Foundation</owner>

+ <handler name="bsf" type="request" class="org.ofbiz.webapp.event.BsfEventHandler"/>
+

<field name="exampleFeatureApplTypeId" title="${uiLabelMap.CommonType}">
<drop-down allow-empty="false">