You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ha...@apache.org on 2009/06/30 02:37:03 UTC
svn commit: r789509 - in /ofbiz/branches/release09.04: ./
applications/accounting/servicedef/services_invoice.xml
framework/common/servicedef/services_email.xml
Author: hansbak
Date: Tue Jun 30 00:37:03 2009
New Revision: 789509
URL: http://svn.apache.org/viewvc?rev=789509&view=rev
Log:
Applied fix from trunk for revision: 789506
only allow 'safe' in in/outgoing email
Modified:
ofbiz/branches/release09.04/ (props changed)
ofbiz/branches/release09.04/applications/accounting/servicedef/services_invoice.xml
ofbiz/branches/release09.04/framework/common/servicedef/services_email.xml
Propchange: ofbiz/branches/release09.04/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jun 30 00:37:03 2009
@@ -1 +1 @@
-/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770997,771073,772401,772464-772465,773076,773557,773628,773659,773697,774014,774632,774661,774995,775292,775667,776227,776594,776620,776922,777004,777020,777768,777792,777893,777947,778078,778094,778107,778278,778280,778364,778374,778402,778576,778594,778628,779020,779477,779496,779639,779834,779856,779866,779873,780111,780138,780180,780199,780203,780906,780945,781201,781534,781549,781669,781680,781694,782663,783257,783266,783833,783913,783917,785123,785764,785967,786778,787126,787435-787436,787442,787520,788965,788983,788987,789329,789337
+/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770997,771073,772401,772464-772465,773076,773557,773628,773659,773697,774014,774632,774661,774995,775292,775667,776227,776594,776620,776922,777004,777020,777768,777792,777893,777947,778078,778094,778107,778278,778280,778364,778374,778402,778576,778594,778628,779020,779477,779496,779639,779834,779856,779866,779873,780111,780138,780180,780199,780203,780906,780945,781201,781534,781549,781669,781680,781694,782663,783257,783266,783833,783913,783917,785123,785764,785967,786778,787126,787435-787436,787442,787520,788965,788983,788987,789329,789337,789506
Modified: ofbiz/branches/release09.04/applications/accounting/servicedef/services_invoice.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/applications/accounting/servicedef/services_invoice.xml?rev=789509&r1=789508&r2=789509&view=diff
==============================================================================
--- ofbiz/branches/release09.04/applications/accounting/servicedef/services_invoice.xml (original)
+++ ofbiz/branches/release09.04/applications/accounting/servicedef/services_invoice.xml Tue Jun 30 00:37:03 2009
@@ -247,7 +247,7 @@
<attribute name="sendTo" type="String" mode="IN" optional="false"/>
<attribute name="sendCc" type="String" mode="IN" optional="true"/>
<attribute name="subject" type="String" mode="IN" optional="true"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="other" type="String" mode="IN" optional="true"/><!-- to send the invoice in the 'other' currency (y) -->
</service>
<service name="checkInvoicePaymentApplications" engine="java"
Modified: ofbiz/branches/release09.04/framework/common/servicedef/services_email.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/common/servicedef/services_email.xml?rev=789509&r1=789508&r2=789509&view=diff
==============================================================================
--- ofbiz/branches/release09.04/framework/common/servicedef/services_email.xml (original)
+++ ofbiz/branches/release09.04/framework/common/servicedef/services_email.xml Tue Jun 30 00:37:03 2009
@@ -46,7 +46,7 @@
<description>Send E-Mail Service. partyId and communicationEventId aren't used by sendMail
but are passed down to storeEmailAsCommunication during the SECA chain. See sendMailInterface for more comments.</description>
<implements service="sendMailInterface"/>
- <attribute name="body" type="String" mode="INOUT" optional="false" allow-html="any"/>
+ <attribute name="body" type="String" mode="INOUT" optional="false" allow-html="safe"/>
<attribute name="communicationEventId" type="String" mode="INOUT" optional="true"/>
<override name="contentType" mode="INOUT"/>
<override name="subject" mode="INOUT" optional="false"/>
@@ -65,16 +65,16 @@
location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromUrl">
<description>Send E-Mail From URL Service</description>
<implements service="sendMailInterface"/>
- <attribute name="bodyUrl" type="String" mode="IN" optional="false" allow-html="any"/>
+ <attribute name="bodyUrl" type="String" mode="IN" optional="false"/>
<attribute name="bodyUrlParameters" type="Map" mode="IN" optional="true"/>
- <attribute name="body" type="String" mode="OUT" optional="false" allow-html="any"/>
+ <attribute name="body" type="String" mode="OUT" optional="false" allow-html="safe"/>
</service>
<service name="sendMailFromScreen" max-retry="3" engine="java"
location="org.ofbiz.common.email.EmailServices" invoke="sendMailFromScreen">
<description>Send E-Mail From Screen Widget Service</description>
<implements service="sendMailInterface"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
- <attribute name="bodyScreenUri" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
+ <attribute name="bodyScreenUri" type="String" mode="IN" optional="true"/>
<attribute name="xslfoAttachScreenLocation" type="String" mode="IN" optional="true"/>
<attribute name="attachmentName" type="String" mode="IN" optional="true"/>
<attribute name="bodyParameters" type="Map" mode="IN" optional="true"/>
@@ -87,7 +87,7 @@
<implements service="sendMailInterface"/>
<attribute name="emailTemplateSettingId" type="String" mode="IN" optional="false"/>
<attribute name="partyIdTo" type="String" mode="IN" optional="true"/>
- <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="bodyText" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="attachmentName" type="String" mode="IN" optional="true"/>
<attribute name="bodyParameters" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>
@@ -98,8 +98,8 @@
location="" invoke="">
<description>Send Template Based Notification Service</description>
<implements service="sendMailInterface"/>
- <attribute name="body" type="String" mode="INOUT" optional="true" allow-html="any"/>
- <attribute name="baseUrl" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="body" type="String" mode="INOUT" optional="true" allow-html="safe"/>
+ <attribute name="baseUrl" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="templateName" type="String" mode="IN" optional="false"/>
<attribute name="templateData" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>
@@ -108,7 +108,7 @@
location="" invoke="">
<description>Send Template Based Notification Service</description>
<implements service="prepareNotificationInterface"/>
- <attribute name="body" type="String" mode="IN" optional="true" allow-html="any"/>
+ <attribute name="body" type="String" mode="IN" optional="true" allow-html="safe"/>
<attribute name="templateName" type="String" mode="IN" optional="false"/>
<attribute name="templateData" type="Map" mode="IN" optional="true"/>
<attribute name="webSiteId" type="String" mode="IN" optional="true"/>