(ofbiz-framework) branch trunk updated: Improved: Prevent URL parameters manipulation (OFBIZ-13147)

Mon, 25 Nov 2024 23:33:06 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 578cb539d8 Improved: Prevent URL parameters manipulation (OFBIZ-13147)
578cb539d8 is described below

commit 578cb539d84f3a0efbe7945160849c39c424c5d8
Author: Jacques Le Roux <[email protected]>
AuthorDate: Tue Nov 26 08:31:02 2024 +0100

    Improved: Prevent URL parameters manipulation (OFBIZ-13147)
    
    Reverts the revert in OFBIZ-13162
    Adds a @SuppressWarnings("unused") to MacroFormRenderer::executeMacro
---
 .../org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java  | 1 +
 .../org/apache/ofbiz/widget/renderer/macro/MacroMenuRenderer.java  | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git 
a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java
 
b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java
index b732b86c45..c7d13be353 100644
--- 
a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java
+++ 
b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRenderer.java
@@ -157,6 +157,7 @@ public final class MacroFormRenderer implements 
FormStringRenderer {
      * @param locale
      * @param macro
      */
+    @SuppressWarnings("unused")
     private void executeMacro(Appendable writer, Locale locale, String macro) {
         ftlWriter.processFtlString(writer, locale, macro);
     }
diff --git 
a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroMenuRenderer.java
 
b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroMenuRenderer.java
index 0a5b96310d..c989c32819 100644
--- 
a/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroMenuRenderer.java
+++ 
b/framework/widget/src/main/java/org/apache/ofbiz/widget/renderer/macro/MacroMenuRenderer.java
@@ -268,7 +268,12 @@ public class MacroMenuRenderer implements 
MenuStringRenderer {
                 targetParameters.append(parameter.getKey());
                 targetParameters.append("'");
                 targetParameters.append(",'value':'");
-                targetParameters.append(parameter.getValue());
+                UtilCodec.SimpleEncoder simpleEncoder = 
(UtilCodec.SimpleEncoder) context.get("simpleEncoder");
+                if (simpleEncoder != null) {
+                    
targetParameters.append(simpleEncoder.encode(parameter.getValue()));
+                } else {
+                    targetParameters.append(parameter.getValue());
+                }
                 targetParameters.append("'}");
             }
             targetParameters.append("]");

Reply via email to