(ofbiz-plugins) branch release24.09 updated: Improved: Prevent URL parameters manipulation (OFBIZ-13147)

Thu, 24 Oct 2024 12:20:13 -0700 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/release24.09 by this push:
     new 8ccee0f48 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
8ccee0f48 is described below

commit 8ccee0f4842f9bd60de59755af8a424a707bbc29
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Oct 24 20:34:14 2024 +0200

    Improved: Prevent URL parameters manipulation (OFBIZ-13147)
    
    Removes  "JavaScriptEnabled=Y" in scrum DemoTest
    Adds a missing
      System.setProperty("SolrDispatchFilter", "runsAfterControlFilter");
    expression on SolrTests::testAddProductToIndex
---
 scrum/template/includes/DemoTest.ftl               | 24 +++++++++++-----------
 .../java/org/apache/ofbiz/solr/test/SolrTests.java |  3 ++-
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/scrum/template/includes/DemoTest.ftl 
b/scrum/template/includes/DemoTest.ftl
index 36c512115..4846f9cfa 100644
--- a/scrum/template/includes/DemoTest.ftl
+++ b/scrum/template/includes/DemoTest.ftl
@@ -24,7 +24,7 @@ This component is based on the following documents: <br/>
 <a href="http://www.scrumalliance.org/pages/what_is_scrum"; 
target="_BLANK">Scrum in 30 seconds.</a><br/>
 <a href="http://www.softhouse.se/Uploades/Scrum_eng_webb.pdf"; 
target="_BLANK">Scrum in 5 minutes</a><br/>
 
-The table shows the demo user's which are setup in the demo data for this 
component.<br/>  
+The table shows the demo user's which are setup in the demo data for this 
component.<br/>
 When you click on the User Login ID,the system will login to the Scrum 
Component of that User Login ID <br/><br/>
 </div>
 
@@ -35,7 +35,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumadmin&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrum Admin</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumadmin&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrum Admin</a><br/>
         </td>
         <td>
             <b>Scrum Admin</b><br/>
@@ -44,7 +44,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrummaster&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrum Master</td>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrummaster&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrum Master</td>
         <td>
             <b>Scrum Master</b><br/>
             The Scrummaster can create the project and sprint and will put the 
product backlog into the sprint,<br/>
@@ -53,8 +53,8 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=productowner&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Product Owner</a><br/>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=productowner2&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Product Owner2</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=productowner&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Product Owner</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=productowner2&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Product Owner2</a><br/>
         </td>
         <td>
             <b>Product Owner</b><br/>
@@ -64,10 +64,10 @@ When you click on the User Login ID,the system will login 
to the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam1&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrumteam1</a><br/>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam2&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrumteam2</a><br/>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam3&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrumteam3</a><br/>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam4&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Scrumteam4</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam1&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrumteam1</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam2&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrumteam2</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam3&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrumteam3</a><br/>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=scrumteam4&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Scrumteam4</a><br/>
         </td>
         <td>
             <b>Scrumteam</b><br/>
@@ -77,7 +77,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=testadmin&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">Testadmin</a>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=testadmin&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">Testadmin</a>
         </td>
         <td>
             <b>Opentest</b><br/>
@@ -88,7 +88,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=DemoStakeholder&PASSWORD=ofbiz&JavaScriptEnabled=Y</@ofbizUrl>"
 class="buttontext">DemoStakeholder</a>
+        <a href="<@ofbizUrl 
controlPath="/scrum/control">main?USERNAME=DemoStakeholder&PASSWORD=ofbiz</@ofbizUrl>"
 class="buttontext">DemoStakeholder</a>
         </td>
         <td>
             <b>The Stakeholder</b><br/>
@@ -96,4 +96,4 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
             This is for people belonging to the same company as the product 
owner and are interested in how the development is going.
         </td>
     </tr>
-</table>
\ No newline at end of file
+</table>
diff --git a/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java 
b/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
index e17e33bb3..fef51d020 100644
--- a/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
+++ b/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
@@ -51,7 +51,7 @@ public class SolrTests extends OFBizTestCase {
      * @throws Exception the exception
      */
     public void testAddProductToIndex() throws Exception {
-
+        System.setProperty("SolrDispatchFilter", "runsAfterControlFilter");
         GenericValue product = 
EntityQuery.use(getDelegator()).from("Product").where("productId", 
validTestProductId).queryOne();
 
         Map<String, Object> ctx = new HashMap<>();
@@ -73,6 +73,7 @@ public class SolrTests extends OFBizTestCase {
             throw new Exception(errorMessage);
         }
         assertTrue("Could not query search index", 
ServiceUtil.isSuccess(sresp));
+        System.clearProperty("SolrDispatchFilter");
     }
 
     /**

Reply via email to