(ofbiz-plugins) branch release18.12 updated: Improved: Prevent URL parameters manipulation (OFBIZ-13147)

Thu, 24 Oct 2024 21:37:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 18f011d64 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
18f011d64 is described below

commit 18f011d64c9d461ba5c8ab2cfa53205de7731a22
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Oct 24 20:34:14 2024 +0200

    Improved: Prevent URL parameters manipulation (OFBIZ-13147)
    
    Removes  "JavaScriptEnabled=Y" in scrum DemoTest
    Adds a missing
      System.setProperty("SolrDispatchFilter", "runsAfterControlFilter");
    expression on SolrTests::testAddProductToIndex
    
    Conflicts handled by hand
      scrum/template/includes/DemoTest.ftl
      solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
---
 scrum/template/includes/DemoTest.ftl               | 24 +++++++++++-----------
 .../java/org/apache/ofbiz/solr/test/SolrTests.java |  2 ++
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/scrum/template/includes/DemoTest.ftl 
b/scrum/template/includes/DemoTest.ftl
index ee2ffd733..26f157368 100644
--- a/scrum/template/includes/DemoTest.ftl
+++ b/scrum/template/includes/DemoTest.ftl
@@ -24,7 +24,7 @@ This component is based on the following documents: <br/>
 <a href="http://www.scrumalliance.org/pages/what_is_scrum"; 
target="_BLANK">Scrum in 30 seconds.</a><br/>
 <a href="http://www.softhouse.se/Uploades/Scrum_eng_webb.pdf"; 
target="_BLANK">Scrum in 5 minutes</a><br/>
 
-The table shows the demo user's which are setup in the demo data for this 
component.<br/>  
+The table shows the demo user's which are setup in the demo data for this 
component.<br/>
 When you click on the User Login ID,the system will login to the Scrum 
Component of that User Login ID <br/><br/>
 </div>
 
@@ -35,7 +35,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=scrumadmin&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrum Admin</a><br/>
+        <a href="/scrum/control/main?USERNAME=scrumadmin&PASSWORD=ofbiz&" 
class="buttontext">Scrum Admin</a><br/>
         </td>
         <td>
             <b>Scrum Admin</b><br/>
@@ -44,7 +44,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=scrummaster&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrum Master</td>
+        <a href="/scrum/control/main?USERNAME=scrummaster&PASSWORD=ofbiz&" 
class="buttontext">Scrum Master</td>
         <td>
             <b>Scrum Master</b><br/>
             The Scrummaster can create the project and sprint and will put the 
product backlog into the sprint,<br/>
@@ -53,8 +53,8 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=productowner&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Product Owner</a><br/>
-        <a 
href="/scrum/control/main?USERNAME=productowner2&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Product Owner2</a><br/>
+        <a href="/scrum/control/main?USERNAME=productowner&PASSWORD=ofbiz&" 
class="buttontext">Product Owner</a><br/>
+        <a href="/scrum/control/main?USERNAME=productowner2&PASSWORD=ofbiz&" 
class="buttontext">Product Owner2</a><br/>
         </td>
         <td>
             <b>Product Owner</b><br/>
@@ -64,10 +64,10 @@ When you click on the User Login ID,the system will login 
to the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=scrumteam1&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrumteam1</a><br/>
-        <a 
href="/scrum/control/main?USERNAME=scrumteam2&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrumteam2</a><br/>
-        <a 
href="/scrum/control/main?USERNAME=scrumteam3&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrumteam3</a><br/>
-        <a 
href="/scrum/control/main?USERNAME=scrumteam4&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Scrumteam4</a><br/>
+        <a href="/scrum/control/main?USERNAME=scrumteam1&PASSWORD=ofbiz&" 
class="buttontext">Scrumteam1</a><br/>
+        <a href="/scrum/control/main?USERNAME=scrumteam2&PASSWORD=ofbiz&" 
class="buttontext">Scrumteam2</a><br/>
+        <a href="/scrum/control/main?USERNAME=scrumteam3&PASSWORD=ofbiz&" 
class="buttontext">Scrumteam3</a><br/>
+        <a href="/scrum/control/main?USERNAME=scrumteam4&PASSWORD=ofbiz&" 
class="buttontext">Scrumteam4</a><br/>
         </td>
         <td>
             <b>Scrumteam</b><br/>
@@ -77,7 +77,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=testadmin&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">Testadmin</a>
+        <a href="/scrum/control/main?USERNAME=testadmin&PASSWORD=ofbiz&" 
class="buttontext">Testadmin</a>
         </td>
         <td>
             <b>Opentest</b><br/>
@@ -88,7 +88,7 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
     </tr>
     <tr>
         <td>
-        <a 
href="/scrum/control/main?USERNAME=DemoStakeholder&PASSWORD=ofbiz&JavaScriptEnabled=Y"
 class="buttontext">DemoStakeholder</a>
+        <a href="/scrum/control/main?USERNAME=DemoStakeholder&PASSWORD=ofbiz&" 
class="buttontext">DemoStakeholder</a>
         </td>
         <td>
             <b>The Stakeholder</b><br/>
@@ -96,4 +96,4 @@ When you click on the User Login ID,the system will login to 
the Scrum Component
             This is for people belonging to the same company as the product 
owner and are interested in how the development is going.
         </td>
     </tr>
-</table>
\ No newline at end of file
+</table>
diff --git a/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java 
b/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
index 2b19ea00c..6b5c8b988 100644
--- a/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
+++ b/solr/src/main/java/org/apache/ofbiz/solr/test/SolrTests.java
@@ -53,6 +53,7 @@ public class SolrTests extends OFBizTestCase {
     }
 
     public void testAddProductToIndex() throws Exception {
+        System.setProperty("SolrDispatchFilter", "runsAfterControlFilter");
 
         GenericValue product = 
EntityQuery.use(delegator).from("Product").where("productId", 
validTestProductId).queryOne();
 
@@ -75,6 +76,7 @@ public class SolrTests extends OFBizTestCase {
             throw new Exception(errorMessage);
         }
         assertTrue("Could not query search index", 
ServiceUtil.isSuccess(sresp));
+        System.clearProperty("SolrDispatchFilter");
     }
 
     /**

Reply via email to