You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/04/12 11:18:00 UTC

[jira] [Commented] (OFBIZ-11593) "entity/list" request is not handled well

    [ https://issues.apache.org/jira/browse/OFBIZ-11593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17081751#comment-17081751 ] 

ASF subversion and git services commented on OFBIZ-11593:
---------------------------------------------------------

Commit e4871226249b7c5dcb51931b81bf5cdb79d7810f in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e487122 ]

Fixed: "entity/list" request is not handled well

(OFBIZ-11593)

The "entity/list" request has been put in with OFBIZ-11007. It's used to call
the entitymaint view and so is a demo/didactic duplicate of entitymaint request.
It's only used in FindGeneric screen (look for WebtoolsBackToEntityList label).
It's problematic because since the CSRF token defense was put in you can no
longer filter the entities from the entities list screen, even when the default
NoCsrfDefenseStrategy is used. It works if you use the entitymaint request
instead.

Anyway, 2020-01-19 I proposed in OFBIZ-11306 a solution for such cases.
It was not used because 2020-02-14 I thought it was no longer needed,
but it's necessary for this case, and maybe others not already detected.

Here it's implementation (only trunk)


> "entity/list" request is not handled well
> -----------------------------------------
>
>                 Key: OFBIZ-11593
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11593
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework/webtools
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>
> The "entity/list" request has been put in with OFBIZ-11007. It's used to call the entitymaint view and so is a demo/didactic duplicate of entitymaint request. It's only used in FindGeneric screen (look for the WebtoolsBackToEntityList label). It's problematic because since the CSRF token defense was put in you can no longer filter the entities from the entities list screen, even when the default NoCsrfDefenseStrategy is used. It works if you use the entitymaint request instead.
> Anyway, 2020-01-19 I proposed in OFBIZ-11306 a solution for such cases. It was not used because 2020-02-14 I thought it was no longer needed, but it's necessary for this case, and maybe others not already detected:
> {code:java}
>          if (pathInfo.get(0).indexOf('?') > -1) {
>              return pathInfo.get(0).substring(0, pathInfo.get(0).indexOf('?'));
>          } else {
> -            return pathInfo.get(0);
> +            if (1 < StringUtils.countMatches(path, "/")) {
> +                return pathInfo.get(0) + "/" + pathInfo.get(1);
> +            } else {
> +                return pathInfo.get(0);
> +            }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)