Hello Jacques,
On 23/01/2025 at 18:35, Jacques Le Roux wrote:
Hi Nicolas,
We have a problem with 24.09. It no longer passes through ControlFilter. I
have no idea yet why and when that happened. There is no problem with
trunk.
I'll have a look
I spotted that while trying to understand why you replaced
private static final List<String> ALLOWEDTOKENS = getAllowedTokens();
by
StringUtil.split(req.getServletContext().getInitParameter("allowedQueryTokens"),","))
It seems you forgot to add something and, if it's better (not sure why),
to then remove the 1st line above.
The idea for this change was to give only the allowed tokens present in the
case where we test, in this case linked to the webapp.
Later in the code, when we try to analyze whether it's allowed, we merge the
given tokens with the list present in the properties (global to the system)
****
List<String> allowedContents;
if (allowed != null) {
    allowedContents = new ArrayList<>(allowed);
    allowedContents.addAll(ALLOWEDWEBSHELLTOKENS);
} else {
    allowedContents = ALLOWEDWEBSHELLTOKENS;
}
****
BTW could you provide the content of this PR on trunk?
Sure, it's just that at this time I am focused on a customer site that is
preparing the migration to 24.09 :)
Nicolas
Jacques
On 22/01/2025 at 17:27, Nicolas Malin wrote:
Hello Jacques,
We detected some other regressions on our side with this. I took
some time to improve your solution with pattern analysis.
I put it all in this PR:
https://github.com/apache/ofbiz-framework/pull/873 (only on
release24.09 for now)
If it's good, I think we can release 24.09.01 and the last one for
18.12.18
Nicolas
On 22/01/2025 at 09:15, Jacques Le Roux wrote:
On 13/01/2025 at 18:44, Jacques Le Roux wrote:
Hi,
Leïla reported a bug at OFBIZ-13092. I just committed a fix. Only
the 18.12 branch was affected.
It's not a security issue, so should we release 18.12.18 now or wait?
TIA
Jacques
Hi,
It's fixed now in all branches (including trunk). The only issue was
that you could not sort columns in few cases. Maybe we could issue
release 18.12.18 now?
BTW, what about 24.09.01?
Jacques