You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/02/05 10:28:56 UTC

[ofbiz-framework] 01/02: Fixed: impersonateLogin (OFBIZ-5409)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit b2e3cc717dcea74110d4b152ae46a9a2b2c62a89
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Tue Feb 4 15:35:40 2020 +0100

    Fixed: impersonateLogin
    (OFBIZ-5409)
    
    I reopended this old issue because, while working on  OFBIZ-11329, I found that
    userLogin and impersonateLogin should be removed from
    jsonResponseFromRequestAttributes
    
    Thanks: James Yong for pointing that out
    
    # Conflicts:
    #	framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
---
 .../common/src/main/java/org/apache/ofbiz/common/CommonEvents.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java b/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
index 663a0d3..835de82 100644
--- a/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
+++ b/framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java
@@ -62,7 +62,7 @@ public class CommonEvents {
 
     public static final String module = CommonEvents.class.getName();
 
-    private static final String[] ignoreAttrs = new String[] { // Attributes removed for security reason; _ERROR_MESSAGE_ is kept
+    private static final String[] ignoreAttrs = new String[] { // Attributes removed for security reason; _ERROR_MESSAGE_ and _ERROR_MESSAGE_LIST are kept
         "javax.servlet.request.key_size",
         "_CONTEXT_ROOT_",
         "_FORWARDED_FROM_SERVLET_",
@@ -73,7 +73,10 @@ public class CommonEvents {
         "targetRequestUri",
         "_SERVER_ROOT_URL_",
         "_CONTROL_PATH_",
-        "thisRequestUri"
+        "thisRequestUri",
+        "org.apache.tomcat.util.net.secure_protocol_version",
+        "userLogin",
+        "impersonateLogin"
     };
 
     public static String setFollowerPage(HttpServletRequest request, HttpServletResponse response) {