Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9373

Create new blog article entry error.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.03
    • Component/s: content
    • Labels:
      None

      Description

      1、when i try to create a new blog article, i get the following error message:
      In field [articleData] less-than (<) and greater-than (>) symbols are not allowed.

      it seems that this field does not support html text !

      2、after i use plain text for the field [articleData], when i post the form, i get the following error message:
      The following required parameter is missing: [IN] [createElectronicText.dataResourceId]]

      and i go through the code that handles the request and the log record, to find that the following eca does not execute which causes the error:

      <!-- electronic text; needs dataResourceId -->
      <eca service="createElectronicText" event="invoke">
      <condition field-name="dataResourceId" operator="is-empty"/>
      <set field-name="dataResourceTypeId" value="ELECTRONIC_TEXT"/>
      <action service="createDataResource" mode="sync" result-to-context="true"/>
      </eca>

      does the problem lies in the framework code ?

        Activity

        Hide
        jacques.le.roux Jacques Le Roux added a comment -

        Hi Yao,

        Yes it's a known problem related with http://svn.apache.org/viewvc?view=revision&revision=1759065

        Recently in the context of Flexible Report I used the OWASP Java HTML Sanitizer Project to create and use a specific BIRT_FLEXIBLE_REPORT_POLICY used by encoder.sanitize() (HtmlEncoder type) in ContentWorker.renderContentAsText(). This allows for more flexibility than "any" or "none" when sanitizing or checking HTML code. We could use the PERMISSIVE_POLICY for the removed "safe" case or even allows to use a policy name for allow-html value. As soon as I'll get a chance I'll have a look at this idea.

        In the meantime if you believe you are safe to use "any" just do that.

        Show
        jacques.le.roux Jacques Le Roux added a comment - Hi Yao, Yes it's a known problem related with http://svn.apache.org/viewvc?view=revision&revision=1759065 Recently in the context of Flexible Report I used the OWASP Java HTML Sanitizer Project to create and use a specific BIRT_FLEXIBLE_REPORT_POLICY used by encoder.sanitize() (HtmlEncoder type) in ContentWorker.renderContentAsText(). This allows for more flexibility than "any" or "none" when sanitizing or checking HTML code. We could use the PERMISSIVE_POLICY for the removed "safe" case or even allows to use a policy name for allow-html value. As soon as I'll get a chance I'll have a look at this idea. In the meantime if you believe you are safe to use "any" just do that.
        Hide
        apple0407 yao added a comment -

        Thanks !

        and what about my second question ? When i post a new blog article , i get the following error message :

        The following required parameter is missing: [IN] [createElectronicText.dataResourceId]]

        I see that creating a blog article will invoke the "createElectronicText" service . This service uses an eca to check if the field [dataResourceId] is empty. If it's empty , then will invoke the "createDataResource" service first to get a dataResourceId . But it seems that the eca wasn't invoked, and give me the "dataResourceId missing" message.

        don't have a glue about how to solve it . Would you please help me with that or give me some advice. Thanks very much !

        Show
        apple0407 yao added a comment - Thanks ! and what about my second question ? When i post a new blog article , i get the following error message : The following required parameter is missing: [IN] [createElectronicText.dataResourceId] ] I see that creating a blog article will invoke the "createElectronicText" service . This service uses an eca to check if the field [dataResourceId] is empty. If it's empty , then will invoke the "createDataResource" service first to get a dataResourceId . But it seems that the eca wasn't invoked, and give me the "dataResourceId missing" message. don't have a glue about how to solve it . Would you please help me with that or give me some advice. Thanks very much !
        Hide
        dcoric Daniel Coric added a comment -

        Hello Yao and Jacques,

        I have run into the same problem in "16.11.02" - "dataResourceTypeId=ELECTRONIC_TEXT}]: The following required parameter is missing: [IN] [createElectronicText.dataResourceId]]".
        Any solution?

        Thank you,
        Daniel

        Show
        dcoric Daniel Coric added a comment - Hello Yao and Jacques, I have run into the same problem in "16.11.02" - "dataResourceTypeId=ELECTRONIC_TEXT}]: The following required parameter is missing: [IN] [createElectronicText.dataResourceId] ]". Any solution? Thank you, Daniel
        Hide
        jacques.le.roux Jacques Le Roux added a comment -

        Thanks Daniel,

        And sorry Yao, I completely forgot this remaining issue. I'll have a look soon...

        Show
        jacques.le.roux Jacques Le Roux added a comment - Thanks Daniel, And sorry Yao, I completely forgot this remaining issue. I'll have a look soon...
        Hide
        apple0407 yao added a comment -

        Hi Jacques and Daniel,

        I have just solved this problem. In [createElectronicText] eca we use the event "invoke", but the validating event happens before invoking , there lies the problem. The validation can't pass!

        so to solve it , I just set the event type to "in-validate". But After that , i get another problem. the error message is : [Unknown parameter found:dataResource]. After some reviewing of the code , i see that there's no attribute name "dataResource" in the service definition. Just add one and make it optional .

        I don't know if my solution is appropriate.

        Show
        apple0407 yao added a comment - Hi Jacques and Daniel, I have just solved this problem. In [createElectronicText] eca we use the event "invoke", but the validating event happens before invoking , there lies the problem. The validation can't pass! so to solve it , I just set the event type to "in-validate". But After that , i get another problem. the error message is : [Unknown parameter found:dataResource] . After some reviewing of the code , i see that there's no attribute name "dataResource" in the service definition. Just add one and make it optional . I don't know if my solution is appropriate.
        Hide
        jacques.le.roux Jacques Le Roux added a comment -

        Hi Yao,

        From your comment (nothing else) this sounds like an appropriate solution to me, could you please add a patch?

        Show
        jacques.le.roux Jacques Le Roux added a comment - Hi Yao, From your comment (nothing else) this sounds like an appropriate solution to me, could you please add a patch?
        Hide
        dcoric Daniel Coric added a comment -

        Hello Yao and Jacques,

        I just changed from mode="INOUT" to mode="IN" (Line: 107) in the "/ofbiz-16.11/applications/content/servicedef/services_data.xml" and rebuilt the project - as far as I can see everything works as expected.

        We can find the same line in the release15.12 "/ofbiz-15.12/applications/content/servicedef/services_data.xml" (Line: 108) and there everything works as expected.

        I must admit, I don't understand this change.

        Show
        dcoric Daniel Coric added a comment - Hello Yao and Jacques, I just changed from mode="INOUT" to mode="IN" (Line: 107) in the "/ofbiz-16.11/applications/content/servicedef/services_data.xml" and rebuilt the project - as far as I can see everything works as expected. We can find the same line in the release15.12 "/ofbiz-15.12/applications/content/servicedef/services_data.xml" (Line: 108) and there everything works as expected. I must admit, I don't understand this change.
        Hide
        jacques.le.roux Jacques Le Roux added a comment -

        Thanks Daniel,

        You are right, this was an error in r1765319 There was no reason to change in createElectronicText
        <auto-attributes include="pk" mode="IN" optional="false"/>
        to
        <auto-attributes include="pk" mode="INOUT" optional="false"/>

        Fixed in
        trunk r1799088
        R16.11 r1799089

        Show
        jacques.le.roux Jacques Le Roux added a comment - Thanks Daniel, You are right, this was an error in r1765319 There was no reason to change in createElectronicText <auto-attributes include="pk" mode="IN" optional="false"/> to <auto-attributes include="pk" mode="INOUT" optional="false"/> Fixed in trunk r1799088 R16.11 r1799089

          People

          • Assignee:
            jacques.le.roux Jacques Le Roux
            Reporter:
            apple0407 yao
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development