You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Adam Heath <do...@brainfood.com> on 2010/12/04 20:00:21 UTC

REVERT: Re: svn commit: r1042196 - in /ofbiz/trunk: framework/common/config/ framework/common/script/org/ofbiz/common/ framework/common/webcommon/ framework/common/webcommon/WEB-INF/ framework/common/widget/ specialpurpose/myportal/script/org/ofbiz/myportal/ speci...

buscob@apache.org wrote:
> Author: buscob
> Date: Sat Dec  4 14:58:18 2010
> New Revision: 1042196
> 
> URL: http://svn.apache.org/viewvc?rev=1042196&view=rev
> Log:
> https://issues.apache.org/jira/browse/OFBIZ-4037
> Moved the feature that allows a new user to register for an account from MyPortal to the framework so that it is available in any application.
> It has also been slightly reworked (code cleaning and internationalization).
> Two flags in general.properties allows to configure if the register function must be enabled or not and if the captcha function should be used.
> The captcha function needs to be improved because at the moment the code is contained in an hidden field so that it is very easy for a computer to bypass it.
> A possible fix for this could be to put the MD5 coding of the captcha code in the hidden field.
> Then the event that checks the code should compare the MD5 codes.
> 
> Added: ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml?rev=1042196&view=auto
> ==============================================================================
> --- ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml (added)
> +++ ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml Sat Dec  4 14:58:18 2010
> +
> +                <!-- Create E-mail address -->
> +                <set field="emailContext.emailAddress" from-field="parameters.USER_EMAIL"/>
> +                <call-service service-name="createPartyEmailAddress" in-map-name="emailContext">
> +                    <result-to-field result-name="contactMechId" field="emailPurposeContext.contactMechId"/>
> +                </call-service>

I'm sorry, but no.  This is code inside framework calling code in
applications.  There are other examples of this in this patch as well.
 Please don't do this.