ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-11593) "entity/list" request is not handled well
Date Sun, 12 Apr 2020 11:18:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-11593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jacques Le Roux closed OFBIZ-11593.
-----------------------------------
    Fix Version/s: Upcoming Branch
       Resolution: Fixed

> "entity/list" request is not handled well
> -----------------------------------------
>
>                 Key: OFBIZ-11593
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11593
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework/webtools
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: Upcoming Branch
>
>
> The "entity/list" request has been put in with OFBIZ-11007. It's used to call the entitymaint
view and so is a demo/didactic duplicate of entitymaint request. It's only used in FindGeneric
screen (look for the WebtoolsBackToEntityList label). It's problematic because since the CSRF
token defense was put in you can no longer filter the entities from the entities list screen,
even when the default NoCsrfDefenseStrategy is used. It works if you use the entitymaint request
instead.
> Anyway, 2020-01-19 I proposed in OFBIZ-11306 a solution for such cases. It was not used
because 2020-02-14 I thought it was no longer needed, but it's necessary for this case, and
maybe others not already detected:
> {code:java}
>          if (pathInfo.get(0).indexOf('?') > -1) {
>              return pathInfo.get(0).substring(0, pathInfo.get(0).indexOf('?'));
>          } else {
> -            return pathInfo.get(0);
> +            if (1 < StringUtils.countMatches(path, "/")) {
> +                return pathInfo.get(0) + "/" + pathInfo.get(1);
> +            } else {
> +                return pathInfo.get(0);
> +            }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message