This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 45ec0a1294 Improved: Better secure "openSourceFile" request-map
(OFBIZ-13316)
45ec0a1294 is described below
commit 45ec0a12940d19163be4fbf76439f1e74805c689
Author: Jacques Le Roux <[email protected]>
AuthorDate: Tue Nov 25 11:38:34 2025 +0100
Improved: Better secure "openSourceFile" request-map (OFBIZ-13316)
Don't forget to set widget.dev.cmd.openSourceFile property to the IDE you
use
(IDEA or Eclipse).
Thank you to "Deep Dark" <[email protected]> (pl4tyz) who reported this
possible security issue.
---
framework/widget/config/widget.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/widget/config/widget.properties
b/framework/widget/config/widget.properties
index 8db89add49..80975fc60e 100644
--- a/framework/widget/config/widget.properties
+++ b/framework/widget/config/widget.properties
@@ -27,7 +27,7 @@
# boundary comments.
widget.verbose=true
-# Enable widget named border for development.
+# Enable widget named border for development. Don't forget to set
widget.dev.cmd.openSourceFile property to the IDE you use (IDEA or Eclipse).
# If you want to use this feature you need to set auth to "false" in the
request-maps "openSourceFile" of common-controller.xml and ecommerce controller.
# Of course don't set auth to "false" in production !
# NONE - For production where no named border will be shown.
