Posted to dev@continuum.apache.org by Louis Smith <dr...@gmail.com> on 2015/08/04 22:57:46 UTC

Strange behavior on 1.4.2

One of the technologies that we have under Continuum management at one of
my clients is Oracle Forms.

The vendor supplied scripts to build/deploy require parameters including a
database linkage parm in the form of id/pw@instance

This seems to now have an issue - reporting "Arguments contains invalid
characters".

Looks like BuildDefinitionAction-saveBuildDefinition-validation.xml has
gotten more aggressive in checking the arguments line.

Advice on an easy "global" fix for this, or do I need to edit all the
validation.xml files?

Thanks,

Louis

Dr. Louis Smith, ThD
Chief Technology Officer, Kyra Solutions, Inc.
Museum Director, Veterans Memorial Railroad

Re: Strange behavior on 1.4.2

Posted by Louis Smith <dr...@gmail.com>.
The oops is deeper than I thought. If you have a project name with
parentheses [Our Really Cool (ORC) project] it will load; if you edit it on
screen the edit will reject the name; but the next run puts it back from
the pom update code. Can't have the pom loader/update routine accepting
what a screen edit won't.

Whatever the character suppression rules are for the XSS concerns, the POM
loader/validator must use the same.

Dr. Louis Smith, ThD
Chief Technology Officer, Kyra Solutions, Inc.
Museum Director, Veterans Memorial Railroad

On Tue, Aug 11, 2015 at 8:35 PM, Brent Atkinson <br...@gmail.com>
wrote:

> Hi Louis,
>
> There isn't a global fix unfortunately. It appears input for a number of
> controls was white-listed in order to prevent cross site scripting (XSS)
> vulnerabilities, as described in
> https://issues.apache.org/jira/browse/CONTINUUM-2620. You are welcome to
> submit an issue and an appropriate patch expanding the input allowed for
> the controls in question. From your email, it seems you would only need to
> expand the argument fields.
>
> Brent
>
> On Tue, Aug 4, 2015 at 4:57 PM, Louis Smith <dr...@gmail.com>
> wrote:
>
> > One of the technologies that we have under Continuum management at one of
> > my clients is Oracle Forms.
> >
> > The vendor supplied scripts to build/deploy require parameters including a
> > database linkage parm in the form of id/pw@instance
> >
> > This seems to now have an issue - reporting "Arguments contains invalid
> > characters".
> >
> > Looks like BuildDefinitionAction-saveBuildDefinition-validation.xml has
> > gotten more aggressive in checking the arguments line.
> >
> > Advice on an easy "global" fix for this, or do I need to edit all the
> > validation.xml files?
> >
> > Thanks,
> >
> > Louis
> >
> > Dr. Louis Smith, ThD
> > Chief Technology Officer, Kyra Solutions, Inc.
> > Museum Director, Veterans Memorial Railroad
> >
>

Re: Strange behavior on 1.4.2

Posted by Brent Atkinson <br...@gmail.com>.
Hi Louis,

There isn't a global fix unfortunately. It appears input for a number of
controls was white-listed in order to prevent cross site scripting (XSS)
vulnerabilities, as described in
https://issues.apache.org/jira/browse/CONTINUUM-2620. You are welcome to
submit an issue and an appropriate patch expanding the input allowed for
the controls in question. From your email, it seems you would only need to
expand the argument fields.

Brent

On Tue, Aug 4, 2015 at 4:57 PM, Louis Smith <dr...@gmail.com>
wrote:

> One of the technologies that we have under Continuum management at one of
> my clients is Oracle Forms.
>
> The vendor supplied scripts to build/deploy require parameters including a
> database linkage parm in the form of id/pw@instance
>
> This seems to now have an issue - reporting "Arguments contains invalid
> characters".
>
> Looks like BuildDefinitionAction-saveBuildDefinition-validation.xml has
> gotten more aggressive in checking the arguments line.
>
> Advice on an easy "global" fix for this, or do I need to edit all the
> validation.xml files?
>
> Thanks,
>
> Louis
>
> Dr. Louis Smith, ThD
> Chief Technology Officer, Kyra Solutions, Inc.
> Museum Director, Veterans Memorial Railroad
>
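
The mismatch raised in this thread (a screen edit that rejects a name while the POM update path stores it anyway) comes down to two write paths not sharing one validation rule. The Java sketch below is an added example, not Continuum code: the class, the method names and the allow-list pattern are assumptions made for illustration, and the project name is the one quoted in the thread.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration: class, method names and the pattern are assumptions, not Continuum code.
public class ProjectNamePolicy {
    // Hypothetical strict allow-list standing in for a validation.xml regex.
    static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_.\\- ]+");
    static final Map<Integer, String> names = new HashMap<>();

    // The single rule every write path has to call.
    static String requireValid(String name) {
        if (name == null || !ALLOWED.matcher(name).matches()) {
            throw new IllegalArgumentException("Name contains invalid characters: " + name);
        }
        return name;
    }

    // Screen edit: validated before storing.
    static void saveFromForm(int id, String name) {
        names.put(id, requireValid(name));
    }

    // POM refresh with no check: stores a value the screen edit would refuse.
    static void refreshFromPomUnchecked(int id, String pomName) {
        names.put(id, pomName);
    }

    // POM refresh sharing the rule: a rejected name leaves the stored value untouched.
    static boolean refreshFromPom(int id, String pomName) {
        try {
            names.put(id, requireValid(pomName));
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String pomName = "Our Really Cool (ORC) project"; // name quoted in the thread
        saveFromForm(1, "Our Really Cool ORC project");
        refreshFromPomUnchecked(1, pomName);
        System.out.println("unchecked refresh stored: " + names.get(1));

        saveFromForm(2, "Our Really Cool ORC project");
        System.out.println("shared-rule refresh accepted: " + refreshFromPom(2, pomName));
        System.out.println("stored value stays: " + names.get(2));
    }
}
```

Whether the shared rule should be widened to admit parentheses or `id/pw@instance` style arguments is a separate decision; the point here is only that both paths consult one definition, so a value cannot enter through the loader that the form would refuse.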