ofbiz-framework.git
2 hours ago Improved: Manufacturing Rules - move menu-item to ManufacturingAppBar (OFBIZ-12525) trunk
Jacques Le Roux [Wed, 28 Sep 2022 07:08:18 +0000 (09:08 +0200)] 
Improved: Manufacturing Rules - move menu-item to ManufacturingAppBar (OFBIZ-12525)

Adding "Manufacturing Rules" menu to the top menu seems a good idea to me,
not removing it from the BOM page sub-menu.

Thanks: Pierre Smits for the initial PR

18 hours ago Fixed: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)
Jacques Le Roux [Tue, 27 Sep 2022 15:12:01 +0000 (17:12 +0200)] 
Fixed: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)

Reverts
- public static Map<String, Object> testService(
+ private static Map<String, Object> testService(
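Review bot: on the "private static Map<String, Object> testService(" line, the method is named in a service's invoke attribute and resolved through Class.getMethod (see the StandardJavaEngine.serviceInvoker frame in the trace below), and getMethod only returns public members, so this method cannot be narrowed. Suggest a comment on testService marking it as a reflective entry point, and running the integration tests before the remaining scope reductions in this series are merged.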

This was the real (and AFAIK only) error:
|W| [JUNIT (error)] - testBasicJavaInvocation :
org.apache.ofbiz.service.GenericServiceException: Service [testScv]
specified Java method (invoke attribute) does not exist
(org.apache.ofbiz.common.CommonServices.testService(...
[..]
Caused by: java.lang.NoSuchMethodException:
org.apache.ofbiz.common.CommonServices.testService(...
at java.lang.Class.getMethod(Class.java:2108) ~[?:?]
at org.apache.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(...

I think this has not been tested with integration test

19 hours ago Fixed: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)
Jacques Le Roux [Tue, 27 Sep 2022 13:56:58 +0000 (15:56 +0200)] 
Fixed: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)

Reverts
-    private static String replaceFirst(String str1, String str2, String str3) {
+    public static String replaceFirst(String str1, String str2, String str3) {
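Review bot: the "private static String replaceFirst(" line fails only at runtime (the NoSuchMethodException raised while initializing UelFunctions.Functions, quoted below), so compilation and a local build give no warning. Suggest a comment on replaceFirst stating that it is looked up by name and must stay public, and excluding such methods from automated visibility reductions.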

Error:
Error while initializing UelFunctions.Functions instance
java.lang.NoSuchMethodException:
org.apache.ofbiz.base.util.string.UelFunctions.replaceFirst(java.lang.String, java.lang.String, java.lang.String)

I hope this is the reason why Buildbot reports that testIntegration has error/s
when actually there is none locally and even none in the site report.

Actually it's a runtime error

23 hours ago Improved: Reducing scope of variables in org.apache.ofbiz.datafile package (OFBIZ...
Jacques Le Roux [Tue, 27 Sep 2022 10:22:51 +0000 (12:22 +0200)] 
Improved: Reducing scope of variables in org.apache.ofbiz.datafile package (OFBIZ-10481)

Thanks: Pradhan Yash Sharma for the patch

23 hours ago Improved: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-1080)
Jacques Le Roux [Tue, 27 Sep 2022 10:16:17 +0000 (12:16 +0200)] 
Improved: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-1080)

jleroux: maybe because not all was applied or code changed, (or?) I had to

revert
-    public ScriptHelperImpl(ScriptContext context) {
+    ScriptHelperImpl(ScriptContext context) {

Thanks: Pradhan Yash Sharma for the patch

23 hours ago Improved: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)
Jacques Le Roux [Tue, 27 Sep 2022 10:07:04 +0000 (12:07 +0200)] 
Improved: Reducing scope of variables in org.apache.ofbiz.base package (OFBIZ-10478)

jleroux: maybe because not all was applied or code changed, (or?) I had to
manually change

-    public static boolean isFileResourceLoader
+    static boolean isFileResourceLoader
That was in the patch and not applied

revert
-        public String getMountPoint() {
+        String getMountPoint() {

-        public synchronized boolean getAppBarDisplay() {
+        synchronized boolean getAppBarDisplay() {

Thanks: Pradhan Yash Sharma for the patch

40 hours ago Improved: Comments out codeQL icon rendering.
Jacques Le Roux [Mon, 26 Sep 2022 17:10:33 +0000 (19:10 +0200)] 
Improved: Comments out codeQL icon rendering.

Moves montastic icon up

40 hours ago Improved: Comments out codeQL icon rendering.
Jacques Le Roux [Mon, 26 Sep 2022 16:27:09 +0000 (18:27 +0200)] 
Improved: Comments out codeQL icon rendering.

Because it recently failed (too long), we (temporarily?) no longer use codeQL to
check Java code on GH. We also never got it working for Javascript, seems that
OFBiz code is too big for it.

41 hours ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#546)
dependabot[bot] [Mon, 26 Sep 2022 15:42:56 +0000 (17:42 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#546)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.1 to 3.17.2.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.17.1...v3.17.2)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 days ago Fixed broken temporal expression screen while rendering ListChildExpressions form.
Deepak Dixit [Mon, 26 Sep 2022 07:16:26 +0000 (12:46 +0530)] 
Fixed broken temporal expression screen while rendering ListChildExpressions form.
There was a typo in form file, renamed TempExprForms.xml and updated references accordingly

2 days ago Fixed: Temporal Expression screen date time picker not working due to duplicate id...
Deepak Dixit [Mon, 26 Sep 2022 06:13:04 +0000 (11:43 +0530)] 
Fixed: Temporal Expression screen date time picker not working due to duplicate id. (OFBIZ-12695)

Added id in DateRange macro, and passed the unique id from temporal expression template. Now DateRange and Frequency working fine

2 days ago Fixed: dateRange1 is not valid fields for the entity TemporalExpression (OFBIZ-12695)
Deepak Dixit [Mon, 26 Sep 2022 05:47:40 +0000 (11:17 +0530)] 
Fixed: dateRange1 is not valid fields for the entity TemporalExpression (OFBIZ-12695)
While fixing the issue reported under OFBIZ-7066 invalid field names were used. Reverted commit#1791791, will fix the original issue in next commit

2 days ago Improved: Reducing scope of variables in org.apache.ofbiz.catalina package (OFBIZ...
Jacques Le Roux [Sun, 25 Sep 2022 10:03:09 +0000 (12:03 +0200)] 
Improved: Reducing scope of variables in org.apache.ofbiz.catalina package (OFBIZ-10479)

Applied with some fuzz

-    protected Integer sslAcceleratorPort = null;
+    private Integer sslAcceleratorPort = null;

was already done, rest by hand in SslAcceleratorValve

Thanks: Pradhan Yash Sharma

7 days ago Improved : The typing errors in the file (OFBIZ-12643) (#515)
priyal-hotwax [Wed, 21 Sep 2022 08:02:45 +0000 (13:32 +0530)] 
Improved : The typing errors in the file (OFBIZ-12643) (#515)

Fixed the typo errors

Update framework/webapp/dtd/site-conf.xsd
Co-authored-by: Aditya Sharma <iamadityasharma7@gmail.com>
Co-authored-by: Jacques Le Roux <jacques.le.roux@les7arts.com>
Co-authored-by: Aditya Sharma <iamadityasharma7@gmail.com>
7 days ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#545)
dependabot[bot] [Tue, 20 Sep 2022 15:52:42 +0000 (17:52 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#545)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.0 to 3.17.1.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.17.0...v3.17.1)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9 days ago Use connection.getCatalog() to include the catalog from the Connection; this is needed...
Deepak Dixit [Mon, 19 Sep 2022 08:00:55 +0000 (13:30 +0530)] 
Use connection.getCatalog() to include the catalog from the Connection; this is needed for MySQL which does not restrict meta data queries to the current connected database without specifying a catalog on these methods, may cause issues with other databases and needs more testing (#543)

9 days ago Improved: The big problem when loading seed. (OFBIZ-7754)
Jacques Le Roux [Sun, 18 Sep 2022 11:55:24 +0000 (13:55 +0200)] 
Improved: The big problem when loading seed. (OFBIZ-7754)

After a last discussion on dev ML:
https://lists.apache.org/thread/13kvnxvhrwfj7o1vjv3q8lsfzycc0t8q
we decided to keep the loading but commented out with a comment.

This also allows to close OFBIZ-7112

Thanks: Michael for the idea of not loading the data.

12 days ago Improved: Updated apache tika library to 2.4.1 (OFBIZ-12572) (#544)
Deepak Dixit [Thu, 15 Sep 2022 13:37:45 +0000 (19:07 +0530)] 
Improved: Updated apache tika library to 2.4.1 (OFBIZ-12572) (#544)

Included common csv and apache cxf dependency as they were removed from tika 2.4

12 days ago Reverted: "Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)"
Jacques Le Roux [Thu, 15 Sep 2022 13:00:27 +0000 (15:00 +0200)] 
Reverted: "Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)"

This reverts commit 733d0e0a8aeed9faf7ebd26be12178ba6987dd4f.

I'm not sure why when coming from UI HtmlSanitizer.Policy() changes quotes
to HTML entities, but not when coming from test. It seems to come from the
context as org.owasp.html.HtmlStreamRenderer somehow explains it:

<<Given a series of HTML tokens, writes valid, normalized HTML to the output.
The output will have well-defined tag boundaries, but there may be orphaned or
missing close and open tags. The result of two renderers can always be
concatenated to produce a larger snippet of HTML, but if the first
was called with writeOpenTag("plaintext", ...), then any tags in the second will
not be interpreted as tags in the concatenated version.>>

Anyway reverting fixes the test issue.

12 days ago Improved: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
Jacques Le Roux [Thu, 15 Sep 2022 10:06:18 +0000 (12:06 +0200)] 
Improved: Extend HTML Sanitizer - style attribute (OFBIZ-12691)

This is a non-functional change. It makes things clearer.

I initially wanted to rather do that and forgot. The idea is to not change the
sanitization done by HtmlSanitizer.Policy(). We just need to be sure that the
comparison with unescapeEcmaScriptAndHtml4 works.

Maybe later we will figure out that some more HTML entities will need to be
added to "&#39;" and "&#34;"...

13 days ago Fixed: [SECURITY] Upgrade Tika to 1.28.5 (OFBIZ-12693)
Jacques Le Roux [Thu, 15 Sep 2022 07:47:19 +0000 (09:47 +0200)] 
Fixed: [SECURITY] Upgrade Tika to 1.28.5 (OFBIZ-12693)

It seems it will be our last Tika update made w/o special efforts.

2 weeks ago Reverted: codeql-analysis.yml to codeql-analysis.yml.bak
Jacques Le Roux [Tue, 13 Sep 2022 16:28:43 +0000 (18:28 +0200)] 
Reverted: codeql-analysis.yml to codeql-analysis.yml.bak

Without changes for months it does not work since yesterday and uselessly
pollutes notifications@ofbiz.apache.org

I keep a backup in case something changes later...

2 weeks ago Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
Jacques Le Roux [Tue, 13 Sep 2022 11:16:22 +0000 (13:16 +0200)] 
Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)

Forgot to update UtilCodecTests::testCheckStringForHtmlSafe.

UtilCodec::checkStringForHtmlSafe now returns HTML entities for quotes (single
or double)

2 weeks ago Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
Jacques Le Roux [Tue, 13 Sep 2022 09:12:40 +0000 (11:12 +0200)] 
Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)

While backporting previous trunk commit (to a0d829f770) a test error showed in
22.01 (not in trunk, the same was just in log).

Then if today you try to put a quote (single or double) at
https://demo-trunk.ofbiz.apache.org/content/control/WebSiteCms?webSiteId=CmsSite
you won't be able to, because of:
<<The Following Errors Occurred:
In field [textData] by our input policy, your input has not been accepted for
security reason. Please check and modify accordingly, thanks.>>

This is due to the use of HtmlSanitizer.Policy() on value in
checkStringForHtmlSafe

The solution is to put back quotes (single or double) before comparing.

While at it, I also modified checkStringForHtmlSafe to return safe HTML entities
for ' and "

This also adds comments about why we have <<new Locale("test")>> in several
places: labels are not available in testClasses Gradle task.

2 weeks ago Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)
Jacques Le Roux [Mon, 12 Sep 2022 08:34:05 +0000 (10:34 +0200)] 
Fixed: Extend HTML Sanitizer - style attribute (OFBIZ-12691)

Right now it is not possible to assign inline style to html content.
Trumbowyg Editor uses such tags for align paragraphs.

style="text-align:right"

It is necessary to remove space within the attribute and remove the trailing
semicolon in order to apply with OWASP filter rules.

Create or open content with "Long text". Go to dataresource and edit HTML.
Put in some text and use the align icons (right, center ...) to format the text.
Save. You will get a security info.

Thanks: Ingo Wolfmayr

2 weeks ago Fixed: Send Confirmation Mail Request Problem (OFBIZ-12674)
Jacques Le Roux [Mon, 12 Sep 2022 07:16:42 +0000 (09:16 +0200)] 
Fixed: Send Confirmation Mail Request Problem (OFBIZ-12674)

The sendconfirmationmail request exists but RequestHandler receives
"/sendconfirmationmail/getJSONuiLabelArray"

Solution: this is a known nested request, we can bypass
throwRequestHandlerExceptionOnMissingLocalRequest

Thanks: Ingo Wolfmayr for report

3 weeks ago Pushing minor changes
Ashish Vijaywargiya [Tue, 6 Sep 2022 18:54:33 +0000 (00:24 +0530)] 
Pushing minor changes

3 weeks ago Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)
Jacques Le Roux [Mon, 5 Sep 2022 10:09:38 +0000 (12:09 +0200)] 
Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)

For Purchase Orders we need to check for the productstore.

Thanks: Ingo

4 weeks ago Improved: clearer French label for approving reviews
Jacques Le Roux [Tue, 30 Aug 2022 14:54:51 +0000 (16:54 +0200)] 
Improved: clearer French label for approving reviews

4 weeks ago Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)
Jacques Le Roux [Tue, 30 Aug 2022 14:53:49 +0000 (16:53 +0200)] 
Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)

Problem: When calculating the average product rating for any product, the 'get
average product rating' method first retrieves the whole list of reviews and
then iterates all product reviews to determine.

This approach takes time to respond when there are thousands of reviews of a
single product. It takes significantly longer to display many products together
with their reviews. (e.g. search result page)

Solution: We can use the 'average' function to get the average rather than
iterating all the product reviews.

Thanks: sourabh jain for the patch, Priya Sharma to help understand

4 weeks ago Fixed: Add auto-parameters-form option to on-event-update-area link in xml form ...
Jacques Le Roux [Tue, 30 Aug 2022 14:35:11 +0000 (16:35 +0200)] 
Fixed: Add auto-parameters-form option to on-event-update-area link in xml form (OFBIZ-12684)

In a few previous commits I mixed up things with OFBIZ-12680. I'll remove comments
there, sorry for that.

This should possibly fix a DTD issue on on-event-update-area in StoreForms.xml
by fixing a typo put in with a few previous commits (that can be ignored)

4 weeks ago Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)
Jacques Le Roux [Tue, 30 Aug 2022 14:23:59 +0000 (16:23 +0200)] 
Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)

Last commit was wrong. I did not see I copied the string
"on-event-update-area area-target" and so did not find "on-event-update-area"
in widget-form.xsd :/

This removes it, was not the pb

4 weeks ago Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)
Jacques Le Roux [Tue, 30 Aug 2022 14:11:50 +0000 (16:11 +0200)] 
Improved: Optimize the 'get average product rating' method logic (OFBIZ-12680)

We missed an "on-event-update-area area-target" element in widget-common.xsd
Not sure it's enough to fix the current issue in StoreForms.xml

Also while at it removes trailing spaces in StoreForms.xml (no other changes)

4 weeks ago Fixed: Add auto-parameters-form option to on-event-update-area link in xml form ...
Jacques Le Roux [Tue, 30 Aug 2022 11:25:59 +0000 (13:25 +0200)] 
Fixed: Add auto-parameters-form option to on-event-update-area link in xml form (OFBIZ-12684)

This should possibly fix a DTD issue put in with the feature as reported by
UtilXml:
A schema cannot contain two global components with the same name; this schema
contains two occurrences of
'http://ofbiz.apache.org/Widget-Form,auto-parameters-form'.

4 weeks ago Improved: The big problem when loading seed. (OFBIZ-7754)
Jacques Le Roux [Tue, 30 Aug 2022 08:22:45 +0000 (10:22 +0200)] 
Improved: The big problem when loading seed. (OFBIZ-7754)

Regarding OFBIZ-7112,
that's good for those who start using OFBiz with an initial setup, but not for a
site that is already online and has to update the OFBiz core, because when they
update the OFBiz core they will use the load-seed command for the update.

The problem is that using load-seed means the configuration data that already
exists will be replaced by the data from this file, CommonSystemPropertyData.xml

So my suggestion is to change the reader from seed to seed-initial or
remove systemPropertyValue from the data file.

Thanks: Kongrath Suankaewmanee

4 weeks ago Bump jquery in /themes/common-theme/webapp/common-theme/js (#542)
dependabot[bot] [Mon, 29 Aug 2022 14:12:16 +0000 (16:12 +0200)] 
Bump jquery in /themes/common-theme/webapp/common-theme/js (#542)

Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 weeks ago Improved: Add auto-parameters-form option to on-event-update-area link in xml form...
Jacques Le Roux [Mon, 29 Aug 2022 08:18:52 +0000 (10:18 +0200)] 
Improved: Add auto-parameters-form option to on-event-update-area link in xml form (OFBIZ-12684)

As we have an auto-parameters-entity and an auto-parameters-service option in
xml forms on-event-update-area tags, it could be useful to have an
auto-parameters-form option that will propagate current form fields as parameters
to the paginate or submit action link (for instance in modal "tunnel" processes)

Currently, if you want to propagate the parameters of a form to a zone that is
refreshed in ajax after the submit you have to write specific javascript code or
to return all the parameters sent to the request through a service as OUT
parameters and/or redirect-parameter.

This feature will add automatically the form parameters on the
generated on-event-update-area link

jleroux: fixed 3 checkstyle issues:
> Task :checkstyleMain
[ant:checkstyle] [ERROR] CommonWidgetModels.java:385:17:
Il y a une espace de trop après '!'. [NoWhitespaceAfter]

[ant:checkstyle] [ERROR] CommonWidgetModels.java:398:77:
Il manque une espace après 'conversion de type'. [WhitespaceAfter]

[ant:checkstyle] [ERROR] ModelForm.java:2326:
La ligne excède 150 caractères (trouvé 155). [LineLength]

Thanks: Leila

4 weeks ago Fixed: Content tag in a screen does not display correctly images (OFBIZ-12685)
Jacques Le Roux [Sun, 28 Aug 2022 15:57:56 +0000 (17:57 +0200)] 
Fixed: Content tag in a screen does not display correctly images (OFBIZ-12685)

When we want to display an image content within a screen through <content/> tag,
images are not rendered correctly
To test:
Go to admin party profile page and upload a picture file as a new "LGOIMGURL"
for instance: https://localhost:8443/partymgr/control/viewprofile?partyId=admin

When your content file is uploaded, note the contentId and go to page
ShowContent (which renders content using the tag <content />)
https://localhost:8443/content/control/showContent?contentId=XXXXX
The image will not be rendered without the given patch.

jleroux: since it's eventually negated, it makes no sense to test if the
content is either an image or an application. It can't be both. This is a very
old feature (pre-apache era) that seems to have never been tested/used
I have made a formatting change and added a comment to explain.

Thanks: Leila Mekika

4 weeks ago Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)
Jacques Le Roux [Sat, 27 Aug 2022 10:14:48 +0000 (12:14 +0200)] 
Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)

As reported by Ingo the productStoreId field does not exist in the ProductPrice
entity, it's productStoreGroupId. This fixes it

Thanks: Ingo for issue report

4 weeks ago Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)
Jacques Le Roux [Sat, 27 Aug 2022 08:13:23 +0000 (10:13 +0200)] 
Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)

By default OOTB there is no primaryStoreGroupId. So a test fails because of that.
This checks that it's present before searching for it.

I did not check it's related but maybe a look at how it's handled in
PriceServices::calculateProductPrice might help to possibly enhance.

4 weeks ago Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)
Jacques Le Roux [Fri, 26 Aug 2022 17:28:21 +0000 (19:28 +0200)] 
Fixed: Tax calculation not considering productStoreGroup (OFBIZ-12686)

For one product I have different prices according to the product store:
B2C store: taxinPrice = Y
B2B store: taxinPrice = N
The tax calc service takes the most current price and ignores the product store.
Therefore it may happen that SALES_TAX is calculated instead of VAT_TAX.

Thanks: Ingo Wolfmayr for the initial patch

4 weeks ago Bump dompurify in /themes/common-theme/webapp/common-theme/js (#539)
dependabot[bot] [Thu, 25 Aug 2022 15:06:03 +0000 (17:06 +0200)] 
Bump dompurify in /themes/common-theme/webapp/common-theme/js (#539)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.3.11 to 2.4.0.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/2.3.11...2.4.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 weeks ago Bump dompurify in /themes/common-theme/webapp/common-theme/js (#537)
dependabot[bot] [Wed, 24 Aug 2022 10:19:46 +0000 (12:19 +0200)] 
Bump dompurify in /themes/common-theme/webapp/common-theme/js (#537)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.3.10 to 2.3.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/2.3.10...2.3.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 weeks ago Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)
Georg [Fri, 29 Jul 2022 12:59:10 +0000 (14:59 +0200)] 
Improved: Configure of after-login Events in BasicLogin. (OFBIZ-12630)

5 weeks ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#536)
dependabot[bot] [Fri, 19 Aug 2022 14:51:42 +0000 (16:51 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#536)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.16.3 to 3.17.0.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.16.3...v3.17.0)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 weeks ago Bump jquery-ui-dist in /themes/common-theme/webapp/common-theme/js (#534)
dependabot[bot] [Mon, 15 Aug 2022 14:55:15 +0000 (16:55 +0200)] 
Bump jquery-ui-dist in /themes/common-theme/webapp/common-theme/js (#534)

Bumps [jquery-ui-dist](https://github.com/jquery/jquery-ui) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.13.1...1.13.2)

---
updated-dependencies:
- dependency-name: jquery-ui-dist
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 weeks ago Bump trumbowyg in /themes/common-theme/webapp/common-theme/js (#533)
dependabot[bot] [Sat, 13 Aug 2022 07:26:00 +0000 (09:26 +0200)] 
Bump trumbowyg in /themes/common-theme/webapp/common-theme/js (#533)

Bumps [trumbowyg](https://github.com/Alex-D/Trumbowyg) from 2.25.1 to 2.25.2.
- [Release notes](https://github.com/Alex-D/Trumbowyg/releases)
- [Commits](https://github.com/Alex-D/Trumbowyg/compare/v2.25.1...v2.25.2)

---
updated-dependencies:
- dependency-name: trumbowyg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 weeks ago Fixed: Wrong Less file path for some theme/locale combinations (OFBIZ-12660) (#521)
Florian Motteau [Wed, 10 Aug 2022 08:35:49 +0000 (10:35 +0200)] 
Fixed: Wrong Less file path for some theme/locale combinations (OFBIZ-12660) (#521)

For some themes, we rely on toLowerCase method to build a Less file path.
toLowerCase("I") = "ı" for some locales (TR, AZ), which leads to incorrect
file paths and finally broken themes.
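
An added example (not part of this commit or of OFBiz code) showing the failure mode the message describes next to the locale-neutral form; the class, the theme name TITANIUM and the path layout are assumptions made for the illustration.

```java
import java.util.Locale;

public class LocaleNeutralLessPath {

    // Constructed theme name containing 'I'; not a real OFBiz theme.
    static final String THEME_NAME = "TITANIUM";

    // Locale-sensitive form: how 'I' is lower-cased depends on the locale passed in,
    // so the same theme name yields different paths for different users or servers.
    static String lessPathLocaleSensitive(String themeName, Locale locale) {
        return "/" + themeName.toLowerCase(locale) + "/less/main.less";
    }

    // Locale-neutral form: Locale.ROOT applies the language-independent case mapping,
    // which is what identifiers, file names and allow-list keys need.
    static String lessPathLocaleNeutral(String themeName) {
        return "/" + themeName.toLowerCase(Locale.ROOT) + "/less/main.less";
    }

    // Show non-ASCII characters as four-digit hex escapes so the difference
    // stays visible whatever the console encoding is.
    static String escapeNonAscii(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 128) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String expected = lessPathLocaleNeutral(THEME_NAME);
        System.out.println("neutral path: " + expected);
        // "tr" and "az" are the two locales named in the commit message.
        for (String tag : new String[] {"en", "tr", "az"}) {
            Locale locale = Locale.forLanguageTag(tag);
            String actual = lessPathLocaleSensitive(THEME_NAME, locale);
            System.out.printf("%-2s  %-36s same as neutral path: %b%n",
                    tag, escapeNonAscii(actual), actual.equals(expected));
        }
    }
}
```

The same rule applies to toUpperCase and to the no-argument overloads, which use the JVM default locale.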

8 weeks ago Bump flot in /themes/common-theme/webapp/common-theme/js (#532)
dependabot[bot] [Tue, 2 Aug 2022 17:44:57 +0000 (19:44 +0200)] 
Bump flot in /themes/common-theme/webapp/common-theme/js (#532)

Bumps [flot](https://github.com/flot/flot) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/flot/flot/releases)
- [Changelog](https://github.com/flot/flot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/flot/flot/compare/v4.2.2...v4.2.3)

---
updated-dependencies:
- dependency-name: flot
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago Updated notification tag maxOccurs, as system allow multiple notification per service
Deepak Dixit [Fri, 29 Jul 2022 09:41:52 +0000 (15:11 +0530)] 
Updated notification tag maxOccurs, as system allow multiple notification per service

2 months ago Improved: Updated mysql jdbc-driver class from com.mysql.jdbc.Driver to com.mysql...
Deepak Dixit [Fri, 29 Jul 2022 09:19:59 +0000 (14:49 +0530)] 
 Improved: Updated mysql jdbc-driver class from com.mysql.jdbc.Driver to com.mysql.cj.jdbc.Driver (OFBIZ-12675) (#529)

MySQL Connector/J 8.0 is highly recommended for use with MySQL Server 8.0 and 5.7. Please upgrade to MySQL Connector/J 8.0.
https://dev.mysql.com/doc/connector-j/8.0/en/

2 months ago Improved: change uglify-js to real version number
Jacques Le Roux [Thu, 28 Jul 2022 07:55:38 +0000 (09:55 +0200)] 
Improved: change uglify-js to real version number

"latest" was preventing updates in trunk demo (merge conflict)

2 months ago Improved: Data of tenant specific component gets loaded in all instances (OFBIZ-6065)
Jacques Le Roux [Thu, 28 Jul 2022 07:40:28 +0000 (09:40 +0200)] 
Improved: Data of tenant specific component gets loaded in all instances (OFBIZ-6065)

Improves the information provided about importing and loadAll Gradle task
loadTenant Gradle task should be used when necessary

2 months ago Improved: Data of tenant specific component gets loaded in all instances (OFBIZ-6065)
Jacques Le Roux [Wed, 27 Jul 2022 14:20:55 +0000 (16:20 +0200)] 
Improved: Data of tenant specific component gets loaded in all instances (OFBIZ-6065)

The tenant relevant Gradle tasks are:

OFBiz Server tasks
------------------
createTenant - Create a new tenant in your environment
loadAdminUserLogin - Create admin user with temporary password equal to ofbiz.
You must provide userLoginId
loadAll - Load default data; meant for OFBiz development, testing, and demo
purposes
loadTenant - Load data using tenantId

loadAll is the new "ant load-data" and should clearly only be used for
"OFBiz development, testing, and demo purposes".

Remains the import functionalities. We don't want to get too far with that,
a warning is enough.

Thanks: Pierre Smits for report

2 months ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#527)
dependabot[bot] [Tue, 26 Jul 2022 17:07:22 +0000 (19:07 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#527)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.16.2 to 3.16.3.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.16.2...v3.16.3)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago Improved: Update Groovy to 2.5.18 (OFBIZ-12673)
Jacques Le Roux [Mon, 25 Jul 2022 07:02:14 +0000 (09:02 +0200)] 
Improved: Update Groovy to 2.5.18 (OFBIZ-12673)

See https://lists.apache.org/thread/r3q4mh3nnxyl7p0gclzbshcgz574l3sp, notably:

    This release is a maintenance release of the GROOVY_2_5_X branch.
    It is strongly encouraged that all users using prior
    versions on this branch upgrade to this version.

    This release includes 15 bug fixes/improvements as outlined in the changelog:
    https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318123&version=12351798

2 months ago Fixed: Fix OFBiz specific Javascript security issues reported by GH CodeQL (OFBIZ...
Jacques Le Roux [Mon, 18 Jul 2022 15:34:59 +0000 (17:34 +0200)] 
Fixed: Fix OFBiz specific Javascript security issues reported by GH CodeQL (OFBIZ-12366)

Actually I put in a path error then, it's not
value="/common/js/node_modules/node_modules/dompurify/dist/purify.min.js"
but
value="/common/js/node_modules/dompurify/dist/purify.min.js"

This fixes it

2 months ago Improved: Strip data to maximum column length for initialRequest and (#526)
georg1312 [Mon, 25 Jul 2022 07:14:08 +0000 (09:14 +0200)] 
Improved: Strip data to maximum column length for initialRequest and (#526)

initialReferrer (OFBIZ-12672)

Analogous to the existing limitation of the "initialUserAgent" to 250
characters, installation of a limitation of 2000 characters for
initialRequest and initialReferrer, so as not to exit with
"MysqlDataTruncation: Data truncation: Data too long for column
'INITIAL_REFERRER' at row 1" in the case of very long requests.

2 months ago Improved: Make loading of data containing urls configurable
Michael Brohl [Tue, 19 Jul 2022 10:57:58 +0000 (12:57 +0200)] 
Improved: Make loading of data containing urls configurable
(OFBIZ-12670)

Introduces a SystemProperty security#security.datafile.loadurls.enable
which can be set to true to allow loading of urls in the XML import.

2 months ago Bump dompurify in /themes/common-theme/webapp/common-theme/js (#522)
dependabot[bot] [Mon, 18 Jul 2022 15:54:57 +0000 (17:54 +0200)] 
Bump dompurify in /themes/common-theme/webapp/common-theme/js (#522)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.3.9 to 2.3.10.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/2.3.9...2.3.10)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2 months ago Implemented: Define return user message from controller (OFBIZ-12652)
Nicolas Malin [Fri, 15 Jul 2022 13:59:09 +0000 (15:59 +0200)] 
Implemented: Define return user message from controller (OFBIZ-12652)

Currently, when you wish to return a message to a user after an event request, you need to set it in the called event.

for a service in java :
  ServiceUtil.returnSuccess("Your service is a success")

for a service in groovy :
  return success("Your service is a success")

for a Java class :
  request.setAttribute("_EVENT_MESSAGE_", "Your service is a success");

If during an integration, you want to use standard service like createProduct, createPartyRelationship, and need a specific message for users, you need to define your own service.

To escape this case and increase the service usability, I propose to implement a new system to override the event return by a definition depending on the business context.

For that, two improvements:
1. Add new child element to request-map->response on the controller
    With the exact value given:

         <response name="success" type="request" value="json">
             <return-user-message value="Your service is a success"/>
         </response>

    With a flexible expander:

        <response name="success" type="request" value="json">
           <return-user-message value="Your service to change is a success"/>
        </response>

    With a property:

        <response name="success" type="request" value="json">
           <return-user-message ressource="CommonUiLabels" value="CommonSuccessfullyCreated"/>
        </response>

    From a context field:

        <response name="success" type="request" value="json">
           <return-user-message from-field="mySpecificReturnMessage"/>
        </response>

2. From the context directly sent from the form

  <form name="CallEvent" target="MyEvent" .. >
     <field name="_CUSTOM_EVENT_MESSAGE_"><hidden value="Your service to change is a success"/></field>
     <field name="_CUSTOM_ERROR_MESSAGE_"><hidden value="Your service failed"/></field>
  </form>

Thanks to Florian Motteau for the implementation help

2 months ago Improved: Update documentation for official support of java 11
Nicolas Malin [Fri, 15 Jul 2022 09:14:35 +0000 (11:14 +0200)] 
Improved: Update documentation for official support of java 11

2 months ago Fixed: Calendar in Work Effort does not work (OFBIZ-12665)
Nicolas Malin [Fri, 15 Jul 2022 12:38:16 +0000 (14:38 +0200)]
Fixed: Calendar in Work Effort does not work (OFBIZ-12665)

Fix a null pointer exception when a menu extends a menu with an empty item.
In this case, we use an empty link for the extended menu.

Thanks to Jacques Leroux for the alert

2 months ago Improved: Convert StorageServices.xml mini-lang to groovyDSL (OFBIZ-9350) (OFBIZ...
Nicolas Malin [Fri, 15 Jul 2022 12:31:18 +0000 (14:31 +0200)] 
Improved: Convert StorageServices.xml mini-lang to groovyDSL (OFBIZ-9350) (OFBIZ-12669)

Convert the service createFacilityLocation from minilang to groovyDSL

Thanks to Tom Gibert for the help

2 months ago Improved: Convert PromoServices.xml mini-lang to groovyDSL (OFBIZ-9350) (OFBIZ-12668)
Nicolas Malin [Fri, 15 Jul 2022 09:30:41 +0000 (11:30 +0200)] 
Improved: Convert PromoServices.xml mini-lang to groovyDSL (OFBIZ-9350) (OFBIZ-12668)

Convert services createProductPromoCond and updateProductPromoCond from minilang to groovyDSL

Thanks to Tom Gibert for the help

2 months ago Improved: Convert SupplierProductServices.xml mini-lang to groovyDSL (OFBIZ-9350...
Nicolas Malin [Fri, 15 Jul 2022 07:42:32 +0000 (09:42 +0200)] 
Improved: Convert SupplierProductServices.xml mini-lang to groovyDSL (OFBIZ-9350) (OFBIZ-12667)

Convert the service getSupplierProductFeatures from mini-lang to groovyDSL

Thanks to Tom Gibert for the help

2 months ago Bump dompurify in /themes/common-theme/webapp/common-theme/js (#520)
dependabot[bot] [Tue, 12 Jul 2022 06:45:03 +0000 (08:45 +0200)] 
Bump dompurify in /themes/common-theme/webapp/common-theme/js (#520)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.3.8 to 2.3.9.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/2.3.8...2.3.9)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2 months ago Improved: WorkEffort - MainActionMenu (OFBIZ-12557) (#498)
Pierre Smits [Sun, 10 Jul 2022 12:47:35 +0000 (14:47 +0200)]
Improved: WorkEffort - MainActionMenu (OFBIZ-12557) (#498)

Currently the create buttons for the main objects of the work effort are located within the find and other widgets/templates of those objects.
In order to improve the usability of OFBiz (and thus the appeal of it for adopters and users) these create buttons/links/etc. should be in a main action menu visible at all times when a user is working within the component.

modified:
WorkEffortMenus.xml - added MainActionMenu for users with CREATE permission in the component
CommonScreens.xml - added MainActionMenu as an 'include-menu' ref in various common decorator screens.
Added MainActionMenu as an 'include-menu' in screen definitions in various other Screen.xml files where appropriate
additional cleaning.

2 months ago Improved: dependabot.yml missed an ASL2 licence header
Jacques Le Roux [Sun, 10 Jul 2022 08:55:44 +0000 (10:55 +0200)] 
Improved: dependabot.yml missed an ASL2 licence header

2 months ago Improved: Allow DynamicView use in standard performFind services (OFBIZ-12663)
Nicolas Malin [Fri, 8 Jul 2022 15:33:30 +0000 (17:33 +0200)] 
Improved: Allow DynamicView use in standard performFind services (OFBIZ-12663)

Extend standard find services (prepareFind, executeFind and performFind) to use a built dynamicView instead of just an entityName.

With this, you can prepare a dedicated dynamicView and call the performFind with, as a result, a database optimisation.

Thanks to Leila Mekika for this proposal and patch

2 months ago Bump jquery-validation in /themes/common-theme/webapp/common-theme/js (#519)
dependabot[bot] [Mon, 4 Jul 2022 16:10:41 +0000 (18:10 +0200)] 
Bump jquery-validation in /themes/common-theme/webapp/common-theme/js (#519)

Bumps [jquery-validation](https://github.com/jquery-validation/jquery-validation) from 1.19.4 to 1.19.5.
- [Release notes](https://github.com/jquery-validation/jquery-validation/releases)
- [Changelog](https://github.com/jquery-validation/jquery-validation/blob/master/changelog.md)
- [Commits](https://github.com/jquery-validation/jquery-validation/compare/1.19.4...1.19.5)

---
updated-dependencies:
- dependency-name: jquery-validation
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2 months ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#518)
dependabot[bot] [Mon, 4 Jul 2022 16:09:49 +0000 (18:09 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#518)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.16.1 to 3.16.2.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.16.1...v3.16.2)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2 months ago Improved: Add sequenceNum field on contentAssoc list (OFBIZ-12654)
Nicolas Malin [Fri, 1 Jul 2022 16:49:06 +0000 (18:49 +0200)] 
Improved: Add sequenceNum field on contentAssoc list (OFBIZ-12654)

By the way, clean unnecessary code and change groovy scripting call by the native date translation

Thanks to Ingo Wolfmayr for this issue

2 months ago Improved: Add missing parameter on xsd for widget-form:on-field-event-update-area...
Nicolas Malin [Fri, 1 Jul 2022 16:30:27 +0000 (18:30 +0200)] 
Improved: Add missing parameter on xsd for widget-form:on-field-event-update-area (OFBIZ-12586)

On the widget-form.xsd definition, the element on-field-event-update-area doesn't have the possibility to define some parameters.

But on java code, the on-field-event-update-area is read like on-event-update-area.

If you put some parameters on your code, your editor raises a syntax error but OFBiz analyses and executes it well.

            <wf:field name="reload" >
                <wf:submit/>
                <wf:on-field-event-update-area event-type="click"
                                               area-target="ReloadIt">
                    <wf:auto-parameters-service service-name="computeForReload" send-if-empty="false"/>
                </wf:on-field-event-update-area>
            </wf:field>

By the way we can synchronize the on-field-event-update-area xsd on on-event-update-area.

2 months ago Improved: Convert a display-entity to hyperlink if subhyperlink is empty (OFBIZ...
Nicolas Malin [Fri, 1 Jul 2022 16:21:17 +0000 (18:21 +0200)]
Improved: Convert a display-entity to hyperlink if subhyperlink is empty (OFBIZ-12547)

When you define a display-entity you have the possibility to add a sub-hyperlink related to the element displayed.

            <field name="partyIdFrom">
                <display-entity entity-name="PartyNameView" key-field-name="partyId" description="${groupName}${firstName} ${lastName}">
                    <sub-hyperlink target="viewprofile" description="view">...</sub-hyperlink>
                </display-entity>
            </field>

This displays the party name with a link "view" connected.

When you use the name as link without a dedicated sub-link, you need to change all the form to resolve the information to display for creating a hyperlink.

            <row-actions>
                <entity-one entity-name="PartyNameView" value-field="partyName">
                        <field-map field-name="partyId" from-field="partyIdFrom"/>
                </entity-one>
                <set field="partyNameValue" value=" ${partyName.groupName}${partyName.firstName} ${partyName.lastName}"/>
            </row-actions>
            <field name="partyIdFrom">
                <hyperlink target="viewprofile" description="${partyNameValue}">..</hyperlink>
            </field>

We lost the advantage of the display-entity. With this case, we improve display-entity with the following rule :

If the display-entity has a subhyperlink and the subhyperlink has no description, the description of the link is the display-entity description.
In the code, if a sub-hyperlink has an empty description, we convert the display entity as a hyperlink

2 months ago Improved: Refactoring service resequence (OFBIZ-12624)
Nicolas Malin [Fri, 1 Jul 2022 15:53:38 +0000 (17:53 +0200)]
Improved: Refactoring service resequence (OFBIZ-12624)

The service "resequence" computes for a content all sequenceNum for linked content assoc.

The code is very old (before apache) so apply a slim refactor and migrate the service name resequence to resequenceContentAssocChildren.

By the way I kept the service definition resequence to move it as deprecated.

2 months ago Fixed: MenuItem doesn't follow correctly extended informations (OFBIZ-12628)
Nicolas Malin [Fri, 1 Jul 2022 15:35:17 +0000 (17:35 +0200)]
Fixed: MenuItem doesn't follow correctly extended informations (OFBIZ-12628)

Fix a null pointer exception when the extended menu has an entry without link.

Thanks to Jacques Leroux for the alert

2 months ago Improved: CustomSafePolicy, also use TagBalancingHtmlStreamEventReceiver (OFBIZ-12653)
Jacques Le Roux [Fri, 1 Jul 2022 15:26:18 +0000 (17:26 +0200)] 
Improved: CustomSafePolicy, also use TagBalancingHtmlStreamEventReceiver (OFBIZ-12653)

Adds <img> and <hr> to CustomSafePolicy, removes obsolete <tt>. <img> allows
only attributes src and alt.

Both <br> and <br /> are correct. For that, this rather uses
TagBalancingHtmlStreamEventReceiver

Thanks: Ingo Wolfmayr

2 months ago Improved: Helveticus App-Bar Css Issue - Height change on hover (OFBIZ-12661)
Jacques Le Roux [Wed, 29 Jun 2022 08:52:55 +0000 (10:52 +0200)] 
Improved: Helveticus App-Bar Css Issue - Height change on hover (OFBIZ-12661)

When hovering an app-navigation item, the height of the app bar changes.
Doesn't look good. Attached the correction.

Thanks: Ingo Wolfmayr

2 months ago Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)
Jacques Le Roux [Wed, 29 Jun 2022 08:45:34 +0000 (10:45 +0200)] 
Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)

Reverts asciidoctorj-pdf to 1.5.3

Not sure it will work, at least I have a (another?) problem locally in Win 7

3 months ago Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)
Jacques Le Roux [Tue, 28 Jun 2022 17:29:17 +0000 (19:29 +0200)] 
Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)

Reverts tika-core to 1.28.4 and fop to 2.3

I did not launch the tests, those did not pass:
ecommercetests testSendOrderConfirmation
widgettests testFopMacroLibrary

Tika is a bit annoying, no security releases after Sept. 30

3 months ago Improved: Runs GitHub Gradle build with Java 11
Jacques Le Roux [Mon, 27 Jun 2022 18:21:27 +0000 (20:21 +0200)] 
Improved: Runs GitHub Gradle build with Java 11

New line just to apply change made in Buildbot config to run w/ Java 11

Thanks to Gavin who noticed I forgot one line in Buildbot config  :/

3 months ago Improved: Runs GitHub Gradle build with Java 11
Jacques Le Roux [Mon, 27 Jun 2022 17:54:35 +0000 (19:54 +0200)] 
Improved: Runs GitHub Gradle build with Java 11

New line just to apply change made in Buildbot config to run w/ Java 11

Seems last time Buildbot did not catch up or something is wrong
I double checked Buildbot config is properly set to run w/ Java 11 and change is
committed

Trying again after Gavin confirmed it should be OK on Slack #asfinfra channel

3 months ago Improved: Runs GitHub Gradle build with Java 11
Jacques Le Roux [Mon, 27 Jun 2022 17:15:08 +0000 (19:15 +0200)] 
Improved: Runs GitHub Gradle build with Java 11

New line just to apply change made in Buildbot config to run w/ Java 11

Seems last time Buildbot did not catch up or something is wrong
I double checked Buildbot config is properly set to run w/ Java 11 and change is
committed

3 months ago Improved: Runs GitHub Gradle build with Java 11
Jacques Le Roux [Mon, 27 Jun 2022 16:39:17 +0000 (18:39 +0200)] 
Improved: Runs GitHub Gradle build with Java 11

Trivial change just to apply change made in Buildbot config to run w/ Java 11

3 months ago Improved: Runs GitHub Gradle build with Java 11
Jacques Le Roux [Mon, 27 Jun 2022 16:07:28 +0000 (18:07 +0200)] 
Improved: Runs GitHub Gradle build with Java 11

3 months ago Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)
Jacques Le Roux [Mon, 27 Jun 2022 13:40:08 +0000 (15:40 +0200)] 
Improved: Update build.gradle to the latest dependencies (OFBIZ-12658)

I noticed that JpegImageParser from Apache Commons Imaging never had a write
option. So I commented it out. I tested uploading, it's OK

org.apache.axiom.om.impl.builder.StAXOMBuilder has been replaced by
org.apache.axiom.om.OMXMLParserWrapper
in SOAPEventHandler.java

The rest of information is in the main build.gradle

I got 2 test errors on Win7. I'll see how it goes on GH and BB.
Maybe it's write.lock issues with Lucene or/and Solr indexes

3 months ago Fixed: [SECURITY] Upgrade Tika to 1.28.4 (OFBIZ-12657)
Jacques Le Roux [Wed, 22 Jun 2022 11:52:33 +0000 (13:52 +0200)]
Fixed: [SECURITY] Upgrade Tika to 1.28.4 (OFBIZ-12657)

Mentioned at https://tika.apache.org/
Apache Tika 1.28.4 has been released! This release includes security related
fixes and dependency upgrades
Note: The Apache Tika PMC has set September 30, 2022 as the End Of Life for the
Tika 1.x branch.

3 months ago Improved: OWASP sanitizer breaks proper rendering of HTML code (OFBIZ-12653)
Jacques Le Roux [Tue, 21 Jun 2022 18:48:36 +0000 (20:48 +0200)]
Improved: OWASP sanitizer breaks proper rendering of HTML code (OFBIZ-12653)

Allows both <br> and <br /> to pass in UtilCodec::checkStringForHtmlSafe, both
are correct.

Clarifies owasp.properties documentation about how to create own sanitizer
policies

3 months ago Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#516)
dependabot[bot] [Fri, 17 Jun 2022 15:38:07 +0000 (17:38 +0200)] 
Bump uglify-js in /themes/common-theme/webapp/common-theme/js (#516)

Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.15.4 to 3.16.1.
- [Release notes](https://github.com/mishoo/UglifyJS/releases)
- [Commits](https://github.com/mishoo/UglifyJS/compare/v3.15.4...v3.16.1)

---
updated-dependencies:
- dependency-name: uglify-js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

3 months ago Improved: Update npm dependencies to the latest (OFBIZ-12596)
Jacques Le Roux [Fri, 17 Jun 2022 13:44:20 +0000 (15:44 +0200)] 
Improved: Update npm dependencies to the latest (OFBIZ-12596)

Dependabot does not support paths with "\" as in Windows

3 months ago Improved: Update npm dependencies to the latest (OFBIZ-12596)
Jacques Le Roux [Fri, 17 Jun 2022 13:28:15 +0000 (15:28 +0200)] 
Improved: Update npm dependencies to the latest (OFBIZ-12596)

This supersedes the usage of npx npm-check-updates by automating npm things with Dependabot in GH

3 months ago Fixed: Service getNextOrderId failed if a customMethod is present (OFBIZ-12651)
Nicolas Malin [Fri, 17 Jun 2022 11:45:03 +0000 (13:45 +0200)]
Fixed: Service getNextOrderId failed if a customMethod is present (OFBIZ-12651)

When you generate an order on a party who has a PartyAcctgPreference with a customMethod orderSequence_enforced, the service failed due to the missing parameter partyAcctgPreference.

Like quote and invoice it's preferable to forward the partyAcctgPreference information.

3 months ago Fixed: MenuItem doesn't follow correctly extended informations (OFBIZ-12628)
Nicolas Malin [Fri, 17 Jun 2022 09:19:22 +0000 (11:19 +0200)]
Fixed: MenuItem doesn't follow correctly extended informations (OFBIZ-12628)

When you use two menus where the second extends the first, menu items and menu links aren't correctly propagated.

The menu items and menu links present on the second menu already have the first menu on their model.

    ****
    <menu name="FirstMenu" extends="CommonInlineBarMenu" extends-resource="component://common/widget/CommonMenus.xml">
        <menu-item name="MyItem">
            <link target="GoAction"/>
        </menu-item>
    </menu>
    <menu name="SecondMenu" extends="FirstMenu"/>
    ****

The result, if during the rendering some information is generated from the menu, in the previous case, it's always the "FirstMenu" that would be used.

Like when your menu generates a hidden-form, the SecondMenu links the bad form

    ****
    <form method="post" action="GoAction" onsubmit="javascript:submitFormDisableSubmits(this)" name="SecondMenu">...</form>
    <a href="javascript:ajaxSubmitFormUpdateAreas('FirstMenu', 'xxx')">MyItem</a>
    ****

To solve it without breaking the thread safe pattern, I introduce two new constructors for ModelItem and MenuLink to duplicate the ModelMenuItem and MenuLink in memory with the new parent. With this, the SecondMenu is now completely duplicated on memory and now share any reference with the extended menu.

Thanks to Marco Rodrigues who detected this problem

3 months ago Fixed: Function ProductWorker.shippingApplies failed if chargeShipping is empty ...
Nicolas Malin [Fri, 17 Jun 2022 08:02:02 +0000 (10:02 +0200)]
Fixed: Function ProductWorker.shippingApplies failed if chargeShipping is empty (OFBIZ-12649)

No functional change (correction on trunk already done by the OFBIZ-12609)

Condensing the code and remove unused errMsg variable.

3 months ago Improved: Unable to upload a file through ecommerce (OFBIZ-12636)
Jacques Le Roux [Thu, 16 Jun 2022 15:43:49 +0000 (17:43 +0200)] 
Improved: Unable to upload a file through ecommerce (OFBIZ-12636)

Allows to check for only CSV files. This is not used OOTB in OFBiz.

Thanks: Sachin for report and confirmation it's OK

3 months ago Fixed: CategoryContentAssoc form vs. grid (OFBIZ-12641)
Jacques Le Roux [Tue, 14 Jun 2022 15:13:18 +0000 (17:13 +0200)]
Fixed: CategoryContentAssoc form vs. grid (OFBIZ-12641)

ScreenWidget links to form but should be grid.

Thanks: Ingo Wolfmayr

3 months ago Fixed: Wrong location for service updateContentSEOCategory (OFBIZ-12642)
Jacques Le Roux [Tue, 14 Jun 2022 15:10:53 +0000 (17:10 +0200)] 
Fixed: Wrong location for service updateContentSEOCategory (OFBIZ-12642)

Service has been moved to groovy but definition still links to minilang.

Thanks: Ingo Wolfmayr

3 months ago Improved: updates codeQL to V2 as asked at
Jacques Le Roux [Sat, 11 Jun 2022 14:47:51 +0000 (16:47 +0200)] 
Improved: updates codeQL to V2 as asked at
https://github.com/apache/ofbiz-framework/actions/runs/2479996158

3 months ago Improved: Secure the uploads (OFBIZ-12080)
Jacques Le Roux [Sat, 11 Jun 2022 12:45:09 +0000 (14:45 +0200)] 
Improved: Secure the uploads (OFBIZ-12080)

Few more debug log texts changes for clarity

I backport to ease future merging while backporting