Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-6052

Find facility inventory items cause UtilCodec.IntrusionException

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.01
    • Component/s: ALL APPLICATIONS
    • Labels:
      None

      Description

      -Use demo database.
      -Go to url. https://localhost:8443/facility/control/ViewFacilityInventoryByProduct?facilityId=MyRetailStore
      -click find button.

      The source of the issue is in the UtilCodec.canonicalize()

      Console output:

      2015-02-02 06:31:29,955 |http-bio-8443-exec-6 |ModelScreen                   |E| Error rendering screen [component://common/widget/CommonScreens.xml#GlobalDecorator]: org.ofbiz.base.util.UtilCodec$IntrusionException: Input validation failure. Rolling back transaction.
      2015-02-02 06:31:29,957 |http-bio-8443-exec-6 |TransactionUtil               |W| Calling transaction setRollbackOnly; this stack trace shows where this is happening:
      java.lang.Exception: Error rendering screen [component://common/widget/CommonScreens.xml#GlobalDecorator]: org.ofbiz.base.util.UtilCodec$IntrusionException: Input validation failure
      	at org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:360) [ofbiz-entity.jar:?]
      	at org.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:301) [ofbiz-entity.jar:?]
      	at org.ofbiz.widget.model.ModelScreen.renderScreenString(ModelScreen.java:171) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ScreenFactory.renderReferencedScreen(ScreenFactory.java:211) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$IncludeScreen.renderWidgetString(ModelScreenWidget.java:779) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget.renderSubWidgetsString(ModelScreenWidget.java:98) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:280) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreen.renderScreenString(ModelScreen.java:164) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ScreenFactory.renderReferencedScreen(ScreenFactory.java:211) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$IncludeScreen.renderWidgetString(ModelScreenWidget.java:779) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget.renderSubWidgetsString(ModelScreenWidget.java:98) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:280) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreen.renderScreenString(ModelScreen.java:164) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ScreenFactory.renderReferencedScreen(ScreenFactory.java:211) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$DecoratorScreen.renderWidgetString(ModelScreenWidget.java:859) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget.renderSubWidgetsString(ModelScreenWidget.java:98) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:280) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreen.renderScreenString(ModelScreen.java:164) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ScreenFactory.renderReferencedScreen(ScreenFactory.java:211) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$DecoratorScreen.renderWidgetString(ModelScreenWidget.java:859) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget.renderSubWidgetsString(ModelScreenWidget.java:98) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreenWidget$Section.renderWidgetString(ModelScreenWidget.java:280) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.model.ModelScreen.renderScreenString(ModelScreen.java:164) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.renderer.ScreenRenderer.render(ScreenRenderer.java:135) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.renderer.ScreenRenderer.render(ScreenRenderer.java:97) [ofbiz-widget.jar:?]
      	at org.ofbiz.widget.renderer.macro.MacroScreenViewHandler.render(MacroScreenViewHandler.java:151) [ofbiz-widget.jar:?]
      	at org.ofbiz.webapp.control.RequestHandler.renderView(RequestHandler.java:1041) [ofbiz-webapp.jar:?]
      	at org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:697) [ofbiz-webapp.jar:?]
      	at org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:216) [ofbiz-webapp.jar:?]
      	at org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:87) [ofbiz-webapp.jar:?]
      
      1. OFBIZ-6052.patch
        0.6 kB
        Deepak Dixit

        Issue Links

          Activity

          Hide
          ofbizzer Christian Carlow added a comment -

          This is probably another duplicate like OFBIZ-5953.

          Show
          ofbizzer Christian Carlow added a comment - This is probably another duplicate like OFBIZ-5953 .
          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          Which is actually a duplicate of OFBIZ-5910

          I believe I will go the Gareth's way, but I'll dlb-check before if there is not a better solution (I doubt)

          Show
          jacques.le.roux Jacques Le Roux added a comment - Which is actually a duplicate of OFBIZ-5910 I believe I will go the Gareth's way, but I'll dlb-check before if there is not a better solution (I doubt)
          Hide
          jacopoc Jacopo Cappellato added a comment -

          I am not able to recreate this issue: in the log I see a stack trace when I visit the screen but it is not the one that is reported in this ticket; could you please double check?
          I will fix the error I see but as I said it has nothing to do with an intrusion exception.

          Show
          jacopoc Jacopo Cappellato added a comment - I am not able to recreate this issue: in the log I see a stack trace when I visit the screen but it is not the one that is reported in this ticket; could you please double check? I will fix the error I see but as I said it has nothing to do with an intrusion exception.
          Hide
          jacopoc Jacopo Cappellato added a comment -

          Ok, I am able to recreate, sorry for the confusion.

          Show
          jacopoc Jacopo Cappellato added a comment - Ok, I am able to recreate, sorry for the confusion.
          Hide
          deepak.dixit Deepak Dixit added a comment -

          Here is the patch for missing overrideListSize variable.

          Show
          deepak.dixit Deepak Dixit added a comment - Here is the patch for missing overrideListSize variable.
          Hide
          jacopoc Jacopo Cappellato added a comment -

          Thank you Deepak, I have committed your patch in rev. 1656983 (trunk) and also back ported to all the active release branches (14.12, 13.07, 12.07)

          Show
          jacopoc Jacopo Cappellato added a comment - Thank you Deepak, I have committed your patch in rev. 1656983 (trunk) and also back ported to all the active release branches (14.12, 13.07, 12.07)
          Hide
          jacopoc Jacopo Cappellato added a comment -

          Thanks, in rev 1659224 I have implemented a fix for this issue.

          Show
          jacopoc Jacopo Cappellato added a comment - Thanks, in rev 1659224 I have implemented a fix for this issue.
          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          I close, even if it's a workaround for now, we should rather open a more general issue if/when we will want to go further with UtilCode.encode()

          Show
          jacques.le.roux Jacques Le Roux added a comment - I close, even if it's a workaround for now, we should rather open a more general issue if/when we will want to go further with UtilCode.encode()
          Hide
          jacques.le.roux Jacques Le Roux added a comment -

          Actually this issue already exists, it's OFBIZ-5953

          Show
          jacques.le.roux Jacques Le Roux added a comment - Actually this issue already exists, it's OFBIZ-5953

            People

            • Assignee:
              jacopoc Jacopo Cappellato
              Reporter:
              wt Wai
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development