You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/12/20 10:20:16 UTC

[ofbiz-framework] branch release17.12 updated: Fixed: Make ruleName field in PriceForms.xml#AddPriceRules safe (OFBIZ-12098)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new 3982f8d  Fixed: Make ruleName field in PriceForms.xml#AddPriceRules safe (OFBIZ-12098)
3982f8d is described below

commit 3982f8d526d2cee9bd4bf4093e806c5af1bd880a
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sun Dec 20 11:02:27 2020 +0100

    Fixed: Make ruleName field in PriceForms.xml#AddPriceRules safe (OFBIZ-12098)
    
    I noticed an issue due to entity-auto. Unlike with a standard service you can't
    protect fields using allow-html="safe" except by overriding fields. So in case
    this must be done one by one...
    
    An example is ruleName field in PriceForms.xml#AddPriceRules with
    createProductPriceRule and updateProductPriceRule services
    
    This fixes this only case...
    Also removes trailing blanks and only that (by IDE setting)
    
    Conflicts handled by hand
    applications/product/servicedef/services_pricepromo.xml
---
 applications/product/servicedef/services_pricepromo.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/applications/product/servicedef/services_pricepromo.xml b/applications/product/servicedef/services_pricepromo.xml
index 5b67bec..82faa90 100644
--- a/applications/product/servicedef/services_pricepromo.xml
+++ b/applications/product/servicedef/services_pricepromo.xml
@@ -72,13 +72,14 @@ under the License.
         <permission-service service-name="productPriceGenericPermission" main-action="CREATE"/>
         <auto-attributes include="pk" mode="OUT" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
-        <override name="ruleName" optional="false"/>
+        <override name="ruleName" optional="false" allow-html="safe"/>
     </service>
     <service name="updateProductPriceRule" default-entity-name="ProductPriceRule" engine="entity-auto" invoke="update" auth="true">
         <description>Update a ProductPriceRule</description>
         <permission-service service-name="productPriceGenericPermission" main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
+        <override name="ruleName" optional="false" allow-html="safe"/>
     </service>
     <service name="deleteProductPriceRule" default-entity-name="ProductPriceRule" engine="entity-auto" invoke="delete" auth="true">
         <description>Delete a ProductPriceRule</description>