Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-2330

Main task for securing URLs in Freemarker templates files

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Release Branch 09.04, Trunk
    • 17.12.01, 18.12.01
    • ALL COMPONENTS
    • None
    • Bug Crush Event - 21/2/2015

    Description

      The idea is to create a new subtask for each issue reported.
      This to avoid ending with a mess since a sole issue can be used for several issues.

      Attachments

        Issue Links

          incorporates

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-2420 javascript expert? the functions confirmActionLink and confirmActionFormLink not work anymore

          • Major - Major loss of function.
          • Closed
          is part of

          Improvement - An improvement or enhancement to an existing feature or task. OFBIZ-1525 Issue to group security concerns

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-6547 Screen with pagination on tables lead to multiple db entries when submitting

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. OFBIZ-2787 non-secure (https) request error [searchorders]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          1.
          		 This is when, quich ship is used and later we attempt to change the shipment box type under the 'packages' tab. Sub-task Closed Jacques Le Roux  
          2.
          		 searchorders security related error Sub-task Closed Jacques Le Roux  
          3.
          		 createOrderAdjustment security related error Sub-task Closed Unassigned  
          4.
          		 Showing up on create of contact mech Sub-task Closed Vikas Mayur  
          5.
          		 Secured url related issue on delete link in pickListManage.ftl Sub-task Closed Vikas Mayur  
          6.
          		 Showing up on Search Orders from Order tab on Party Manager Sub-task Closed Unassigned  
          7.
          		 delete website from product store Sub-task Closed Jacques Le Roux  
          8.
          		 Delete Additional Addresses from New Profiles pages. Sub-task Closed Ashish Vijaywargiya  
          9.
          		 update store payment setting. Sub-task Closed Jacques Le Roux  
          10.
          		 cancel order in ecommerce, customer facing page Sub-task Closed Jacques Le Roux  
          11.
          		 editshipmentroutesegment page Sub-task Closed Unassigned  
          12.
          		 updateOrderAdjustment Sub-task Closed Jacques Le Roux  
          13.
          		 createOrderAdjustment, updateOrderAdjustment and deleteOrderAdjustment security related error Sub-task Closed Vikas Mayur  
          14.
          		 Security error on Remove return items Sub-task Closed Ashish Vijaywargiya  
          15.
          		 delete party from product Sub-task Closed Adam Heath  
          16.
          		 Delete contact from View Profile screen in eCommerce Sub-task Closed Jacques Le Roux  
          17.
          		 Create Request from shopping list in eCommerce Sub-task Closed Jacques Le Roux  
          18.
          		 Create Quote from shopping list in eCommerce Sub-task Closed Jacques Le Roux  
          19.
          		 Set Profile Default link on View Profile in eCommerce Sub-task Closed Vikas Mayur  
          20.
          		 Delete survey associated with a task Sub-task Closed Vikas Mayur  
          21.
          		 "Orders" link in profile of Party is not working due to security reasons Sub-task Closed Jacques Le Roux  
          22.
          		 Security error in Catalog. Trying to delete Sub-task Closed Unassigned  
          23.
          		 Total order of a party. Sub-task Closed Jacques Le Roux

          0%
          Original Estimate - 1h
          Remaining Estimate - 1h
          24.
          		 Error deleting ContactMechPurpose for party PostalAddress Sub-task Closed Jacques Le Roux  
          25.
          		 Delete an action under price rule Sub-task Closed Vikas Mayur  
          26.
          		 Links to delete Product promo category and product promo product are not working Sub-task Closed Ashish Vijaywargiya  
          27.
          		 Show Lookup field - security related error Sub-task Closed Jacques Le Roux  
          28.
          		 inplace ajax editor for textfields does not work anymore because of the security changes (ajaxInPlaceEditDisplayField) Sub-task Closed Scott Gray  
          29.
          		 Securing URLs in EditShipmentRouteSegments.ftl Sub-task Closed Vikas Mayur  
          30.
          		 Securing URL's issue in editorderitems.ftl and ordercontactinfo.ftl. Sub-task Closed Jacques Le Roux  
          31.
          		 Updating Invoice Item Type in Global GL Settings Sub-task Closed Jacopo Cappellato  
          32.
          		 Secure URLs in EditShipmentPackages.ftl Sub-task Closed Vikas Mayur  
          33.
          		 Error creating order note Sub-task Closed Jacques Le Roux  
          34.
          		 Secure URLs in EditShipmentItems.ftl Sub-task Closed Vikas Mayur  
          35.
          		 Approved Sales Order -> Edit Items -> Cancel All Items Sub-task Closed Ashish Vijaywargiya  
          36.
          		 Create New Employment Application - Security Error Sub-task Closed Jacques Le Roux  
          37.
          		 Delete a child-subcategory from cathegory-rollup Sub-task Closed Ashish Vijaywargiya  
          38.
          		 Secure URLs in findOrders.ftl Sub-task Closed Ashish Vijaywargiya  
          39.
          		 Delete Store survey Sub-task Closed Vikas Mayur  
          40.
          		 Secure URLs for "Make Public" and "Make Private" link on View Order screen Sub-task Closed Vikas Mayur  
          41.
          		 Delete Product from Category Sub-task Closed Jacques Le Roux  
          42.
          		 removePartyContent from party profile screen Sub-task Closed Vikas Mayur  
          43.
          		 Secure Url in ordershippinginfo.ftl Sub-task Closed Ashish Vijaywargiya  
          44.
          		 Patch non-secure URL in EditCategoryProducts.ftl Sub-task Closed Jacques Le Roux  
          45.
          		 Non secure Url in edit category product. Sub-task Closed Ashish Vijaywargiya  
          46.
          		 Deleting feature from product category Sub-task Closed Scott Gray  
          47.
          		 Creating New Employment Application (non secure) Sub-task Closed Jacques Le Roux  
          48.
          		 Trying to do a quick check out in Ecommerce application and facing error when clicking Submit Order after filling the credit card details. Sub-task Closed Jacques Le Roux  
          49.
          		 Setting default address in Ecommerce profile Sub-task Closed Jacques Le Roux  
          50.
          		 Security error in Facility, while deleting contact information. Sub-task Closed Ashish Vijaywargiya  
          51.
          		 In Content Manager component Remove Survey question link of Edit survey question page is showing error. Sub-task Closed Jacques Le Roux  
          52.
          		 Create New Shopping List for Party Sub-task Closed Jacques Le Roux  
          53.
          		 Delete link is not working on Edit Facility Location screen Sub-task Closed Ashish Vijaywargiya  
          54.
          		 Delete link is not working on Edit Facility Contact Mechanism Screen Sub-task Closed Vikas Mayur  
          55.
          		 Create a Vcard from a contact in SFA Sub-task Closed Jacques Le Roux  
          56.
          		 Remove productstore role from store Sub-task Closed Jacques Le Roux  
          57.
          		 Remove links for adjustments in create return screen is not working. Sub-task Closed Ashish Vijaywargiya  
          58.
          		 Edit/Navigate Global GL Account - Found URL parameter [glAccountId] passed to secure (https) request-map with uri [updateGlAccount] Sub-task Closed Jacques Le Roux  
          59.
          		 unsubscribe from a contactlist in the "profile" screen in the ecommerce screens Sub-task Closed Jacques Le Roux  
          60.
          		 delete of Price Rule does not work Sub-task Closed Ashish Vijaywargiya  
          61.
          		 Attach Features to Category from Products Sub-task Closed Jacques Le Roux  
          62.
          		 paymentMethodTypeId Sub-task Closed Jacques Le Roux  
          63.
          		 Categories removing in Product Quick Admin Sub-task Closed Jacques Le Roux  
          64.
          		 Secure URL when reading messages (readmessage?communicationEventId) Sub-task Closed Jacques Le Roux  
          65.
          		 deleteCustomerTaxAuthInfo page called from /ecommerce/control/viewprofile Sub-task Closed Jacques Le Roux  
          66.
          		 Error while viewing list of time periods Sub-task Closed Jacques Le Roux  
          67.
          		 Pagination Problem in Accounting Module Sub-task Closed Jacques Le Roux  
          68.
          		 Error when trying to make a project note public from the projectView page in teh Projectmgr application Sub-task Closed Jacques Le Roux  
          69.
          		 Secure Url could not be call for service deleteKeywordThesaurus Sub-task Closed Ashish Vijaywargiya  
          70.
          		 Remove Survey Question Option not working. Sub-task Closed Jacques Le Roux  
          71.
          		 Error in pagination in createProductSubscriptionResource (Catalog) Sub-task Closed Shi Jinghai  
          72.
          		 createGlAccountTypeDefault generate an error in log Sub-task Closed Jacques Le Roux  
          73.
          		 Security update (Link to hidden form change) for Visual Theme selection Sub-task Closed Bruno Busco  
          74.
          		 Delete is not working in Configurations->content Sub-task Closed Arun Patidar  
          75.
          		 Pagination in product price does not work correctly after a price creation Sub-task Closed Jacques Le Roux  
          76.
          		 Delete Child Period in EditCustomTimePeriod not secure Sub-task Closed Pranay Pandey  
          77.
          		 Create New Shopping List - Security Error Sub-task Closed Pranay Pandey  
          78.
          		 Remove Shopping List Item link is not working - Security Error Sub-task Closed Pranay Pandey  
          79.
          		 Remove Shopping List Item link is not working - Security Error Sub-task Closed Mohammed Rehan Khan  
          80.
          		 Delete Customer Tax Auth Info link is not working - Security Error Sub-task Closed Pranay Pandey  
          81.
          		 Remove product feature in Quick Admin page not secure Sub-task Closed Jacques Le Roux  
          82.
          		 Error in deleting AddressMatchMap for party Sub-task Closed Pranay Pandey  
          83.
          		 Link in verification email for Newsletter gives security error Sub-task Closed Jacques Le Roux  
          84.
          		 Secure Gl passed to URL - follows deletion of 10015 - COGS avg cost adjustment Sub-task In Progress Jacques Le Roux  

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 1h
                  1h
                  Remaining:
                  Remaining Estimate - 1h
                  1h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified