Posted to dev@ofbiz.apache.org by "Oleg Andreyev (JIRA)" <ji...@apache.org> on 2007/07/10 07:53:04 UTC

[jira] Created: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Unescaped quotes break lookup screens functionality
---------------------------------------------------

                 Key: OFBIZ-1133
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1133
             Project: OFBiz
          Issue Type: Bug
    Affects Versions: SVN trunk, Release Branch 4.0
            Reporter: Oleg Andreyev
            Priority: Minor
             Fix For: SVN trunk


For example, it's impossible to select a product in LookupProductAndPrice (used in EditQuoteItem) if the product's internal name contains quotes or an apostrophe. The reason is obvious. The script "javascript:set_values('10112', 'Test product - Monitor 17", gray')" has an error: an unnecessary quote. I think the problem is common.

A simple solution is to remove the second parameter. There is no internalName field in the opener form. But it's a feckless way.

Does anybody have a suggestion for how to correct this problem properly? Modify HtmlFormRenderer?

Please explain to me why we don't store the escaped string in the database. This is a generally accepted solution.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Christian Geisert (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Geisert updated OFBIZ-1133:
-------------------------------------

    Attachment: patch_ofbiz_LookupProductAndPrice-branch.diff
                patch_ofbiz_LookupProductAndPrice-trunk.diff

I think the second parameter (internalName) should be removed in any case as it isn't used anywhere (and call_fieldlookup2 supports one field only...) and this will solve the problem most of the time (IDs are already checked for problematic characters at creation).

I've attached patches for trunk and branch.

It seems LookupProduct has the same problem; I'll check if it's safe to remove the internalName from there.



[jira] Commented: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Daniel Martínez (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511471 ] 

Daniel Martínez commented on OFBIZ-1133:
----------------------------------------

I fixed this for a custom development.

The solution was to substitute the quotes with another character (I used "|") in the lookup form (through a service) and then to modify the JavaScript (set_multivalues) to substitute the "|" characters back with the correct apostrophe.

Of course I would not use this solution for ofbiz.



[jira] Assigned: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato reassigned OFBIZ-1133:
----------------------------------------

    Assignee: Jacopo Cappellato  (was: Jacques Le Roux)



[jira] Assigned: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux reassigned OFBIZ-1133:
--------------------------------------

    Assignee: Jacques Le Roux



[jira] Commented: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "David E. Jones (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511388 ] 

David E. Jones commented on OFBIZ-1133:
---------------------------------------

Just a quick note: we can't really encode this sort of string in the database; it really needs to be done in code that passes it through various types of limited string representations. In other words, there are many possible string encodings such as Javascript inline string, HTML text, XML text, HTTP parameter, UTF-8 \u encoding, etc. Because of all of these things we might want to do with the data, there is no one way we can encode it in the database.



[jira] Commented: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12538691 ] 

Jacopo Cappellato commented on OFBIZ-1133:
------------------------------------------

I agree with Christian: we can remove the second parameter (internalName) from all the product's lookup screens. That was an old experiment that I did :-( to provide a means to display the internal name after a product id was selected... pre-Ajax age.





[jira] Commented: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511373 ] 

Jacopo Cappellato commented on OFBIZ-1133:
------------------------------------------

Yeah,

I've noticed this too.
To all: do you know if there is a quick way to escape special characters in Javascript?

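
The per-context encoding David E. Jones describes, and one answer to the question above about escaping special characters for JavaScript, as an added example that is not part of the original thread and not OFBiz code. The function names and the link markup are assumptions made for illustration; the sample product name is the one quoted in the report.

```javascript
// Constructed sample: the product name quoted in the report.
const SAMPLE_NAME = 'Test product - Monitor 17", gray';

// Context 1: JavaScript string literal. Everything except alphanumerics and
// a few safe characters becomes \uXXXX, so quotes, backslashes, line breaks
// and '%' (javascript: URLs are percent-decoded) cannot alter the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,\-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Context 2: HTML text or a double-quoted attribute value.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Unencoded: raw values concatenated into the link, as in the report.
function renderLinkRaw(id, name) {
  return `<a href="javascript:set_values('${id}', '${name}')">${name}</a>`;
}

// Encoded innermost context first: JS string literal, then HTML attribute.
function renderLinkEncoded(id, name) {
  const call = `set_values('${escapeJsString(id)}', '${escapeJsString(name)}')`;
  return `<a href="javascript:${escapeHtml(call)}">${escapeHtml(name)}</a>`;
}

// Check: undo the HTML and URL layers as a browser would, run the script
// against a stub set_values, and return the arguments it received
// (null when the script does not parse).
function argsSeenByBrowser(link) {
  const href = /href="([^"]*)"/.exec(link)[1];
  const decode = { amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'" };
  const script = href.replace(/&(amp|lt|gt|quot|#39);/g, (m, n) => decode[n])
    .replace(/^javascript:/, "");
  let seen = null;
  try {
    new Function("set_values", decodeURIComponent(script))((...a) => { seen = a; });
  } catch (err) {
    return null;
  }
  return seen;
}
```

The same stored name gets a different encoding in the link text than in the script argument, which is why a single pre-escaped form in the database cannot serve both.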


[jira] Closed: (OFBIZ-1133) Unescaped quotes break lookup screens functionality

Posted by "Jacopo Cappellato (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OFBIZ-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacopo Cappellato closed OFBIZ-1133.
------------------------------------

    Resolution: Fixed

Fixed in 593223, 593224 (trunk) and 593225 (release branch)
