[OFBIZ-12602] XML Import fails due to security check - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 17.12.09, 18.12.05, Upcoming Branch
Fix Version/s: 18.12.06, 22.01.01
Component/s: framework/webtools
Labels:
None

Description

When importing an entity like

<SystemProperty systemResourceId="catalog" 
systemPropertyId="image.server.path" systemPropertyValue="${sys:getProperty("ofbiz.home")}/themes/common-theme/webapp/images/${tenantId}" description="Image upload path on the server." lastUpdatedStamp="2022-04-14 12:00:12.597" lastUpdatedTxStamp="2022-04-14 12:00:12.596" createdStamp="2022-04-14 12:00:12.597" createdTxStamp="2022-04-14 12:00:12.596"/>

I get the following info message.

HTTP Status 403 – Forbidden
Type Status Report
Message Not saved for security reason, strings '${', '<#', '#{', '[=' or '[#' not accepted in fields!
Description The server understood the request but refuses to authorize it.

I do have the same problem when I try to update the value via entity mainainance. Importing an XML file works.

Would it make sense to bypass the check if the user has the appropriate permissions?

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OFBIZ-12602.patch
20/Apr/22 09:56
2 kB
Jacques Le Roux

Issue Links

is broken by

OFBIZ-12594 Prevent Freemarker interpolation in fields

Closed

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Ingo Wolfmayr

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Apr/22 08:11

Updated:: 07/Jun/22 12:53

Resolved:: 20/Apr/22 12:21