You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/12/20 10:20:18 UTC
[ofbiz-framework] 01/02: Fixed: Make ruleName field in
PriceForms.xml#AddPriceRules safe (OFBIZ-12098)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit 4e400fb47a0ddaf271cc8c97a05ad77fbf7e0c34
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sun Dec 20 11:02:27 2020 +0100
Fixed: Make ruleName field in PriceForms.xml#AddPriceRules safe (OFBIZ-12098)
I noticed an issue due to entity-auto. Unlike with a standard service you can't
protect fields using allow-html="safe" except by overriding fields. So in case
this must be done one by one...
An example is ruleName field in PriceForms.xml#AddPriceRules with
createProductPriceRule and updateProductPriceRule services
This fixes this only case...
Also removes trailing blanks and only that (by IDE setting)
---
.../product/servicedef/services_pricepromo.xml | 54 +++++++++++-----------
1 file changed, 27 insertions(+), 27 deletions(-)
diff --git a/applications/product/servicedef/services_pricepromo.xml b/applications/product/servicedef/services_pricepromo.xml
index 86bbdb8..44af235 100644
--- a/applications/product/servicedef/services_pricepromo.xml
+++ b/applications/product/servicedef/services_pricepromo.xml
@@ -72,7 +72,7 @@ under the License.
<permission-service service-name="productPriceGenericPermission" main-action="CREATE"/>
<auto-attributes include="pk" mode="OUT" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
- <override name="ruleName" optional="false"/>
+ <override name="ruleName" optional="false" allow-html="safe"/>
</service>
<service name="updateProductPriceRule" default-entity-name="ProductPriceRule" engine="entity-auto" invoke="update" auth="true">
<description>Update a ProductPriceRule</description>
@@ -386,62 +386,62 @@ under the License.
<service name="productPromoCondProductTotal" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productTotal">
<description>Product promo condition service on the product Total</description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondProductQuant" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productQuant">
<description>Product promo condition service on quantity </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondNewACCT" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productNewACCT">
<description>Product promo condition service on Account Days Since Created </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondPartyID" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productPartyID">
<description>Product promo condition service on party ID </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondPartyGM" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productPartyGM">
<description>Product promo condition service on party group member </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondPartyClass" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productPartyClass">
<description>Product promo condition service on party Classification </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondRoleType" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productRoleType">
<description>Product promo condition service on role type </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondGeoID" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productGeoID">
<description>Product promo condition service on shipping destination </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondOrderTotal" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productOrderTotal">
<description>Product promo condition service on cart sub-total </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondOrderHist" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productOrderHist">
<description>Product promo condition service on Order sub-total X in last Y Months </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondOrderYear" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productOrderYear">
<description>Product promo condition service on Order sub-total X since beginning of current year </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondOrderLastYear" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productOrderLastYear">
<description>Product promo condition service on Order sub-total X last year </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondPromoRecurrence" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productPromoRecurrence">
@@ -451,17 +451,17 @@ under the License.
<service name="productPromoCondOrderShipTotal" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productShipTotal">
<description>Product promo condition service on promotion recurrence </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondListPriceMinAmount" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productListPriceMinAmount">
<description>Product promo condition service on shipping total </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<service name="productPromoCondListPriceMinPercent" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoCondServices.groovy" invoke="productListPriceMinPercent">
<description>Product promo condition service on shipping total </description>
- <implements service="interfaceProductPromoCond"/>
+ <implements service="interfaceProductPromoCond"/>
</service>
<!-- ProductPricePromoAction services -->
@@ -475,51 +475,51 @@ under the License.
<service name="productPromoActGiftGWP" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productGWP">
<description>Product promo Action gift with purchase </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActFreeShip" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productActFreeShip">
<description>Product promo Action free shipping </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActProdDISC" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productDISC">
<description>Product promo Action product discount % </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActProdAMDISC" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productAMDISC">
<description>Product promo Action product discount </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActProdPrice" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productPrice">
<description>Product promo Action product price </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActOrderPercent" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productOrderPercent">
<description>Product promo Action order percent </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActOrderAmount" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productOrderAmount">
<description>Product promo Action order amount </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActProdSpecialPrice" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productSpecialPrice">
<description>Product promo Action product special price </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActTaxPercent" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productTaxPercent">
<description>Product promo Action product tax percent </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
<service name="productPromoActShipCharge" engine="groovy" auth="false"
location="component://product/groovyScripts/product/promo/ProductPromoActionServices.groovy" invoke="productShipCharge">
<description>Product promo Action product shipping charge </description>
- <implements service="interfaceProductPromoAction"/>
+ <implements service="interfaceProductPromoAction"/>
</service>
-</services>
+</services>