You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Adam Heath <do...@brainfood.com> on 2010/12/04 20:00:21 UTC
REVERT: Re: svn commit: r1042196 - in /ofbiz/trunk: framework/common/config/
framework/common/script/org/ofbiz/common/ framework/common/webcommon/ framework/common/webcommon/WEB-INF/
framework/common/widget/ specialpurpose/myportal/script/org/ofbiz/myportal/
speci...
buscob@apache.org wrote:
> Author: buscob
> Date: Sat Dec 4 14:58:18 2010
> New Revision: 1042196
>
> URL: http://svn.apache.org/viewvc?rev=1042196&view=rev
> Log:
> https://issues.apache.org/jira/browse/OFBIZ-4037
> Moved the feature that allows a new user to register for an account from MyPortal to the framework so that it is available in any application.
> It has also been slightly reworked (code cleaning and internationalization).
> Two flags in general.properties allows to configure if the register function must be enabled or not and if the captcha function should be used.
> The captcha function needs to be improved because at the moment the code is contained in an hidden field so that it is very easy for a computer to bypass it.
> A possible fix for this could be to put the MD5 coding of the captcha code in the hidden field.
> Then the event that checks the code should compare the MD5 codes.
>
> Added: ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml?rev=1042196&view=auto
> ==============================================================================
> --- ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml (added)
> +++ ofbiz/trunk/framework/common/script/org/ofbiz/common/RegisterEvents.xml Sat Dec 4 14:58:18 2010
> +
> + <!-- Create E-mail address -->
> + <set field="emailContext.emailAddress" from-field="parameters.USER_EMAIL"/>
> + <call-service service-name="createPartyEmailAddress" in-map-name="emailContext">
> + <result-to-field result-name="contactMechId" field="emailPurposeContext.contactMechId"/>
> + </call-service>
I'm sorry, but no. This is code inside framework calling code in
applications. There are other examples of this in this patch as well.
Please don't do this.