Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Not A Problem
    • Affects Version/s: Release 4.0, Trunk
    • Fix Version/s: None
    • Component/s: framework
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      The bug is explained here: http://markmail.org/message/qoxevijc45yhaixo
      Can someone with framework access commit it please.

      Thanks,
      Bilgin

      1. encode.patch
        5 kB
        Bilgin Ibryam
      2. encode.patch
        2 kB
        Bilgin Ibryam

        Issue Links

          Activity

          Bilgin Ibryam created issue -
          Bilgin Ibryam made changes -
          Field Original Value New Value
          Attachment encode.patch [ 12377021 ]
          Hide
          Adrian Crum added a comment -

          Bilgin,

          I'd like to hear more comments on the subject. Your patch only changes the default in the widget's xsd, it doesn't address the scenario where the xsd is not available. To handle that case, the model widgets would have to default the setting to true also. That could break a lot of existing code.

          Show
          Adrian Crum added a comment - Bilgin, I'd like to hear more comments on the subject. Your patch only changes the default in the widget's xsd, it doesn't address the scenario where the xsd is not available. To handle that case, the model widgets would have to default the setting to true also. That could break a lot of existing code.
          Bilgin Ibryam made changes -
          Attachment encode.patch [ 12377045 ]
          Hide
          Bilgin Ibryam added a comment -

          Adrian,

          I updated the patch according to your remarks.
          Can you tell me what kind of existing code this patch could break?

          Thanks for your review and comments!

          Show
          Bilgin Ibryam added a comment - Adrian, I updated the patch according to your remarks. Can you tell me what kind of existing code this patch could break? Thanks for your review and comments!
          Hide
          Adrian Crum added a comment -

          Bilgin,

          My concern is with external links - will the jsessionid parameter get appended to them also.

          Show
          Adrian Crum added a comment - Bilgin, My concern is with external links - will the jsessionid parameter get appended to them also.
          Hide
          Bilgin Ibryam added a comment -

          Adrian you are right,
          but setting encode attribute to false for external links should solve this issue?

          Show
          Bilgin Ibryam added a comment - Adrian you are right, but setting encode attribute to false for external links should solve this issue?
          Gavin made changes -
          Workflow jira [ 12424995 ] OFbiz Workflow [ 12505677 ]
          Jacopo Cappellato made changes -
          Affects Version/s Release 4.0 [ 12314978 ]
          Affects Version/s Release Branch 4.0 [ 12312469 ]
          Jacopo Cappellato made changes -
          Fix Version/s Trunk [ 12311928 ]
          Jacopo Cappellato made changes -
          Fix Version/s Release Branch 4.0 [ 12312469 ]
          Sharan Foga made changes -
          Sprint Bug Crush Event - 21/2/2015 [ 91 ]
          Sharan Foga made changes -
          Rank Ranked higher
          Sharan Foga made changes -
          Rank Ranked higher
          Sharan Foga made changes -
          Rank Ranked higher
          Jacques Le Roux made changes -
          Description The bug is explained here: http://www.nabble.com/Question-about-ofbiz-url-encoding-to15638660.html#a15638660
          Can someone with framework access commit it please.

          Thanks,
          Bilgin
          The bug is explained here: http://markmail.org/message/qoxevijc45yhaixo
          Can someone with framework access commit it please.

          Thanks,
          Bilgin
          Jacques Le Roux made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Jacques Le Roux added a comment -

          Hi Bilgin, why this was never done finally? Unfortunately the patch does not apply at all...

          Show
          Jacques Le Roux added a comment - Hi Bilgin, why this was never done finally? Unfortunately the patch does not apply at all...
          Hide
          Pierre Smits added a comment -

          Jacques Le Roux The issue and the associated patch(es) are soon 8 years old. Patches have a limited shelf life.

          Show
          Pierre Smits added a comment - Jacques Le Roux The issue and the associated patch(es) are soon 8 years old. Patches have a limited shelf life.
          Hide
          Jacques Le Roux added a comment - - edited

          It's always interesting to review old issues. Actually we are now (since r1655803 for OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform

          It's a good thing. Because using a session id to identify and follow a session is now a deprecated technique (notably for security reason, see the OWASP link in this stackoverflow question for details) and everybody use cookies (try to work a complete day with cookies disabled for an experience ).

          So I close this issue as not a problem.

          Show
          Jacques Le Roux added a comment - - edited It's always interesting to review old issues. Actually we are now (since r1655803 for OFBIZ-5312 ) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform It's a good thing. Because using a session id to identify and follow a session is now a deprecated technique (notably for security reason, see the OWASP link in this stackoverflow question for details) and everybody use cookies (try to work a complete day with cookies disabled for an experience ). So I close this issue as not a problem.
          Jacques Le Roux made changes -
          Status Patch Available [ 10002 ] Closed [ 6 ]
          Assignee Jacques Le Roux [ jacques.le.roux ]
          Resolution Not A Problem [ 8 ]
          Hide
          Jacques Le Roux added a comment -

          Of course this could be considered for still supported older releases, but, since nobody took care for 8 years, I guess it's not a problem

          Show
          Jacques Le Roux added a comment - Of course this could be considered for still supported older releases, but, since nobody took care for 8 years, I guess it's not a problem
          Jacques Le Roux made changes -
          Parent OFBIZ-1525 [ 12384719 ]
          Issue Type Bug [ 1 ] Sub-task [ 7 ]
          Jacques Le Roux made changes -
          Link This issue is related to OFBIZ-4645 [ OFBIZ-4645 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Patch Available Patch Available
          2787d 17h 35m 1 Jacques Le Roux 21/Oct/15 17:03
          Patch Available Patch Available Closed Closed
          22d 23h 16m 1 Jacques Le Roux 13/Nov/15 16:19

            People

            • Assignee:
              Jacques Le Roux
              Reporter:
              Bilgin Ibryam
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development

                  Agile