Posted to commits@ofbiz.apache.org by ha...@apache.org on 2009/06/30 02:32:24 UTC
svn commit: r789506 - in /ofbiz/trunk:
applications/accounting/servicedef/services_invoice.xml
framework/common/servicedef/services_email.xml
Author: hansbak
Date: Tue Jun 30 00:32:24 2009
New Revision: 789506
URL: http://svn.apache.org/viewvc?rev=789506&view=rev
Log:
only allow 'safe' HTML in in/outgoing email
Modified:
ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml
ofbiz/trunk/framework/common/servicedef/services_email.xml
Modified: ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml?rev=789506&r1=789505&r2=789506&view=diff
==============================================================================
--- ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml (original)
+++ ofbiz/trunk/applications/accounting/servicedef/services_invoice.xml Tue Jun 30 00:32:24 2009
@@ -247,7 +247,7 @@
<attribute name="sendTo" type="String" mode="IN" optional="false"/>
<attribute name="sendCc" type="String" mode="IN" optional="true"/>
<attribute name="subject" type="String" mode="IN" optional="true"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="other" type="String" mode="IN" optional="true"/><!-- to send the invoice in the 'other' currency (y) -->
</service>
<service name="checkInvoicePaymentApplications" engine="java"
Modified: ofbiz/trunk/framework/common/servicedef/services_email.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/servicedef/services_email.xml?rev=789506&r1=789505&r2=789506&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/servicedef/services_email.xml (original)
+++ ofbiz/trunk/framework/common/servicedef/services_email.xml Tue Jun 30 00:32:24 2009
@@ -49,7 +49,7 @@
<description>Send E-Mail Service. partyId and communicationEventId aren't used by sendMail
but are passed down to storeEmailAsCommunication during the SECA chain. See sendMailInterface for more comments.</description>
<implements service="sendMailInterface"/>
- <attribute name="body" type="String" mode="INOUT" optional="false" allow-html="any"/>
+ <attribute name="body" type="String" mode="INOUT" optional="false" allow-html="safe"/>
<override name="contentType" mode="INOUT"/>
<override name="subject" mode="INOUT" optional="false"/>
<override name="emailType" type="String" mode="INOUT" optional="true"/>
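Review bot: Tightening `body` on sendMail to `allow-html="safe"` also affects mail that other services render themselves, because `body` is INOUT and, per the description, is passed on through the SECA chain to storeEmailAsCommunication. If sendMailFromScreen and sendMailFromUrl hand their rendered output to sendMail (likely given the shared sendMailInterface, but not visible here), a template whose markup falls outside the safe policy would now fail parameter validation instead of being sent. Before this lands, the stock email templates should be checked against the policy, and the attribute deserves a comment such as `<!-- body is validated as 'safe' HTML; templates must stay within that policy -->`. The same switch is made for `bodyText` in services_invoice.xml and for `bodyText`/`body` in the @@ -90 and @@ -111 hunks. The service element opens above this hunk.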
@@ -67,16 +67,16 @@
location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromUrl">
<description>Send E-Mail From URL Service</description>
<implements service="sendMailInterface"/>
- <attribute name="bodyUrl" type="String" mode="IN" optional="false" allow-html="any"/>
+ <attribute name="bodyUrl" type="String" mode="IN" optional="false"/>
<attribute name="bodyUrlParameters" type="Map" mode="IN" optional="true"/>
- <attribute name="body" type="String" mode="OUT" optional="false" allow-html="any"/>
+ <attribute name="body" type="String" mode="OUT" optional="false" allow-html="safe"/>
</service>
<service name="sendMailFromScreen" max-retry="3" engine="java"
location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromScreen">
<description>Send E-Mail From Screen Widget Service</description>
<implements service="sendMailInterface"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
- <attribute name="bodyScreenUri" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
+ <attribute name="bodyScreenUri" type="String" mode="IN" optional="true"/>
<attribute name="xslfoAttachScreenLocation" type="String" mode="IN" optional="true"/>
<attribute name="attachmentName" type="String" mode="IN" optional="true"/>
<attribute name="bodyParameters" type="Map" mode="IN" optional="true"/>
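Review bot: `allow-html="safe"` on the `body` attribute of sendMailFromUrl sits on a `mode="OUT"` parameter, so it is worth confirming that the service engine applies the HTML check to outgoing values at all. If only IN parameters are validated, this setting has no effect on the content fetched from `bodyUrl`, which is the part of this service that originates outside the application. Removing `allow-html` from `bodyUrl` and `bodyScreenUri` looks right, since both hold locations rather than markup and presumably fall back to the schema default. If OUT values turn out not to be checked, record that in place, e.g. `<!-- allow-html is not enforced on OUT; fetched content is not filtered here -->`.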
@@ -90,7 +90,7 @@
<implements service="sendMailInterface"/>
<attribute name="emailTemplateSettingId" type="String" mode="IN" optional="false"/>
<attribute name="partyIdTo" type="String" mode="IN" optional="true"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="attachmentName" type="String" mode="IN" optional="true"/>
<attribute name="bodyParameters" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>
@@ -101,8 +101,8 @@
location="" invoke="">
<description>Send Template Based Notification Service</description>
<implements service="sendMailInterface"/>
- <attribute name="body" type="String" mode="INOUT" optional="true" allow-html="any"/>
- <attribute name="baseUrl" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="body" type="String" mode="INOUT" optional="true" allow-html="safe"/>
+ <attribute name="baseUrl" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="templateName" type="String" mode="IN" optional="false"/>
<attribute name="templateData" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>
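Review bot: `baseUrl` is given `allow-html="safe"` here, while the URL-valued attributes `bodyUrl` and `bodyScreenUri` in the @@ -67 hunk had `allow-html` removed altogether. A base URL has no reason to carry markup, so the stricter and more consistent choice is to drop the attribute here as well: `<attribute name="baseUrl" type="String" mode="IN" optional="true"/>`. This assumes that an absent `allow-html` means no HTML is accepted; the schema is not shown on this page, so confirm the default. The enclosing service element starts above the hunk.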
@@ -111,7 +111,7 @@
location="" invoke="">
<description>Send Template Based Notification Service</description>
<implements service="prepareNotificationInterface"/>
- <attribute name="body" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="body" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="templateName" type="String" mode="IN" optional="false"/>
<attribute name="templateData" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>