You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Ashish Nagar (JIRA)" <ji...@apache.org> on 2009/02/13 14:27:59 UTC
[jira] Created: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Error occurs using XML-Import from webtools
-------------------------------------------
Key: OFBIZ-2189
URL: https://issues.apache.org/jira/browse/OFBIZ-2189
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: SVN trunk
Reporter: Ashish Nagar
Fix For: SVN trunk
While using uploading Entity Engine XML documents , error is occuring
[ ServiceDispatcher.java:368:ERROR]
---- exception report ----------------------------------------------------------
Incoming context (in runSync : entityImport) does not match expected requirements
Exception: org.ofbiz.service.ServiceValidationException
Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
---- stack trace ---------------------------------------------------------------
org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "Markus Studer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673281#action_12673281 ]
Markus Studer commented on OFBIZ-2189:
--------------------------------------
The problem is related to the recent security changes.
XML Data Import allows to enter "Complete XML document" directly and uses the service entityImport and enters the data into the field fullText. This field gets validate to not include those < and > characters (new default behaviour). It is possible to override this behaviour on the service definition on attribute level (i.e. for field fullText) but I am not sure, what consequences that has from security point of view.
The patch you provided doesn't help as it "deactivates" the checks for < and >
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Fix For: SVN trunk
>
> Attachments: OFBIZ-2189.patch
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "David E. Jones (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David E. Jones updated OFBIZ-2189:
----------------------------------
Attachment: (was: OFBIZ-2189.patch)
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Fix For: SVN trunk
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "David E. Jones (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673301#action_12673301 ]
David E. Jones commented on OFBIZ-2189:
---------------------------------------
Yes, this patch basically disables the check in many situations and must not be committed.
In general framework changes for isolated cases is a sign of the framework not being used correctly, and as Markus said this is just an issue with that particular instance and we don't want to change the default behavior of checking for HTML, we just want to change the config on the one service to allow HTML.
In this case it should be allow-html="any" because the incoming text is not HTML, it is XML and is validated separately, so HTML checking is not needed and doesn't make sense.
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Fix For: SVN trunk
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "Ashish Nagar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashish Nagar updated OFBIZ-2189:
--------------------------------
Attachment: OFBIZ-2189.patch
This error is due to statement in line no. 487 of StringUtil.java.
If this condition "if (value.indexOf("<") >= 0 || value.indexOf("<") >= 0) {", is replaced by "if (value.indexOf("<") > 0 || value.indexOf(">") == 0) {" condition, then the error gets resolved.
I am providing the patch for this file
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Fix For: SVN trunk
>
> Attachments: OFBIZ-2189.patch
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "David E. Jones (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David E. Jones closed OFBIZ-2189.
---------------------------------
Resolution: Fixed
Assignee: David E. Jones
Fixed in rev 744177.
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Assignee: David E. Jones
> Fix For: SVN trunk
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-2189) Error occurs using XML-Import from
webtools
Posted by "Ashish Nagar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673478#action_12673478 ]
Ashish Nagar commented on OFBIZ-2189:
-------------------------------------
Thanks David for providing fix for this issue.But i still have some doubts on that statement of StringUtil.java,
// check for "<", ">"
if (value.indexOf("<") >= 0 || value.indexOf("<") >= 0) {
Some things i found are :
1) Same condition is checked on both sides of OR.(I hope second condition should be a check for ">" sign)
2) Now anyone can put Entity Engine XML documents without bothering the syntax of initial tag <entity-engine-xml>, instead he can start with "><entity-engine-xml>".
3) Admin user can put any type of text(other than XML docs) inside the enclosing tags <entity-engine-xml> & can click on import text button.(There should be error message asking to put XML tags)
However i wonder as this condition "if (value.indexOf("<") >= 0 || value.indexOf("<") >= 0) {" will check the initial occurrence of "<" in the given text.But what i found is in StringUtil.java the value object does not contain the text value imported.So the value.indexOf("<") always evaluates to -1. So the input value is not validated upon these symbols.
I will be more than pleasured if you correct me if i am in wrong direction & provide suggestions.
> Error occurs using XML-Import from webtools
> -------------------------------------------
>
> Key: OFBIZ-2189
> URL: https://issues.apache.org/jira/browse/OFBIZ-2189
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Ashish Nagar
> Assignee: David E. Jones
> Fix For: SVN trunk
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> While using uploading Entity Engine XML documents , error is occuring
> [ ServiceDispatcher.java:368:ERROR]
> ---- exception report ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
> ---- stack trace ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] greater-than (>) and less-than (<) symbols are not allowed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.