This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release17.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release17.12 by this push:
new b09fa66 Fixed: IDOR vulnerability in the order processing feature in ecommerce component (OFBIZ-11836)
b09fa66 is described below
commit b09fa66ed31124b964ecf5b68500623b6642727b
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Jun 27 10:43:02 2020 +0200
Fixed: IDOR vulnerability in the order processing feature in ecommerce component (OFBIZ-11836)
Fixes a bug when there are no problem viewing the order, my bad
---
applications/order/groovyScripts/order/OrderViewWebSecure.groovy | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/applications/order/groovyScripts/order/OrderViewWebSecure.groovy b/applications/order/groovyScripts/order/OrderViewWebSecure.groovy
index c5bdd5b..fc1e65c 100644
--- a/applications/order/groovyScripts/order/OrderViewWebSecure.groovy
+++ b/applications/order/groovyScripts/order/OrderViewWebSecure.groovy
@@ -59,9 +59,9 @@ if (orderHeader) {
 canViewInternalDetails = false
 errMsgList.add("It's not an error : you are not allowed to view this!")
 showErrorMsg = "Y"
+ request.setAttribute("_ERROR_MESSAGE_LIST_", errMsgList)
+ context.showErrorMsg = showErrorMsg
 }
- request.setAttribute("_ERROR_MESSAGE_LIST_", errMsgList)
- context.showErrorMsg = showErrorMsg
 }
 context.hasPermission = hasPermission
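Review bot: After this change `context.showErrorMsg` is assigned only inside the denial branch, so on the permitted path it is left unset and every screen or template that reads it has to tolerate a missing value; assigning a default before the check (for example `context.showErrorMsg = "N"`, if that matches the script's initial value) would keep the contract explicit. The refusal is expressed only through `canViewInternalDetails`, `showErrorMsg` and the error list, and nothing visible in the hunk withholds the order from the context, so the IDOR fix appears to hold only as long as each consumer checks `context.hasPermission` before rendering order data. The denial branch is also the natural place to record the refused access so that order-id probing shows up in logs, e.g. `Debug.logWarning("Order view refused for orderId " + orderHeader.orderId, "OrderViewWebSecure")`, assuming `Debug` is imported in this script. The enclosing `if` blocks open outside the hunk, so the condition that guards this branch cannot be verified from here.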