order...

Jacques Le Roux Sat, 26 Sep 2015 04:04:21 -0700

Hi Deepak,

I just spotted that before committing r1705405. I will handle that now


Also while automatically (but handling conflicts by hand) I (it?) also missed 
some class files (see r1705406).

Thanks

Jacques

Le 26/09/2015 11:24, Deepak Dixit a écrit :

Hi Jacques,

ecommerce is broken, I think you missed some groovy file where description, 
name is used directly. like

categoryDescription = categoryContentWrapper.DESCRIPTION;

I am getting following error while accession ecommerce on updated local box:
{code}
[java] Caused by: java.lang.IllegalArgumentException: Error running script at 
location 
[component://order/webapp/ordermgr/WEB-INF/actions/entry/catalog/Category.groovy]:
 groovy.lang.MissingPropertyException: No such property: DESCRIPTION for class: 
org.ofbiz.product.category.CategoryContentWrapper

{code}


Thanks & Regards
—
Deepak Dixit

On Sep 25, 2015, at 10:14 PM, Jacques Le Roux <jacques.le.r...@les7arts.com> 
wrote:

I did not backport to older releases because of too much conflicts, anyway it's 
a low vulnerability

Jacqued


Le 25/09/2015 18:34, jler...@apache.org a écrit :

Author: jleroux
Date: Fri Sep 25 16:34:34 2015
New Revision: 1705331

URL: http://svn.apache.org/viewvc?rev=1705331&view=rev
Log:
"Applied fix from trunk for revision: 1705329  " (conflicts handled by hand)
------------------------------------------------------------------------
r1705329 | jleroux | 2015-09-25 18:27:12 +0200 (ven. 25 sept. 2015) | 20 lignes

I found a possible XSS attack through 
ProductContentWrapper.java.getProductContentAsText() which is notably used in 
several FTL files. This exists also in others *ContentWrapper.java.
Note that in supported releases it's hard to exploit, it's a Stored XSS 
https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting which means you 
need 1st to somehow inject exploiting code in the DB.

This fixes it by changing the ContentWrapper interface
from
     public interface ContentWrapper {
         public StringUtil.StringWrapper get(String contentTypeId);
     }
to
     public interface ContentWrapper {
         public StringUtil.StringWrapper get(String contentTypeId, String 
encoderType) {
     }

And changing the Category, Party, Product, ProductPromo and WorkEffort ContentWrapperS accordingly. 
This means to use 2 types of encoderTypes: "html" and "url".
The "html"  encoderType will be used for all ProductContentTypes but those who contain URL in their 
ContentTypeIdS (actually end with, "_URL") which will use "url" encoderType.
It concerns not only the get() method but also methods like 
getPartyContentAsText(), getProductContentAsText(), etc.

It seems a big change but it's straightforward. It's normally complete.

There are some (unrelated) tabs replaced by spaces here and there, and few 
trailing spaces removed but nothing big
------------------------------------------------------------------------


Modified:
     ofbiz/branches/release14.12/   (props changed)
     
ofbiz/branches/release14.12/applications/accounting/webapp/accounting/reports/SalesInvoiceByProductCategorySummary.ftl
     
ofbiz/branches/release14.12/applications/content/src/org/ofbiz/content/content/ContentWrapper.java
     
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/order/OrderReturnServices.java
     
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartItem.java
     
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/product/ProductPromoWorker.java
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/order/CompanyHeader.groovy
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/SplitShip.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/cart/showcartitems.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/breadcrumbs.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/categorydetail.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproducts.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproductslist.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/configproductdetail.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/inlineProductDetail.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productdetail.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productsummary.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/quickaddsummary.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/editorderitems.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderinfo.ftl
     
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderitems.ftl
     
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/editShoppingList.ftl
     
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/profileblocks/SerializedInventory.ftl
     
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/category/CatalogUrlFilter.java
     
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductContentWrapper.java
     
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductPromoContentWrapper.java
     
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductSearch.java
     
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductWorker.java
     
ofbiz/branches/release14.12/applications/product/webapp/catalog/WEB-INF/actions/category/EditCategoryContentContent.groovy
     
ofbiz/branches/release14.12/applications/product/webapp/catalog/product/AddAdditionalImages.ftl
     
ofbiz/branches/release14.12/applications/product/widget/catalog/ProductForms.xml
     
ofbiz/branches/release14.12/specialpurpose/ebay/src/org/ofbiz/ebay/ProductsExportToEbay.java
     
ofbiz/branches/release14.12/specialpurpose/ebaystore/webapp/ebaystore/store/productsearchExport.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/UpdateCart.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/showcart.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/LayeredCategoryDetail.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/ProductCategoryLink.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/configproductdetail.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/miniproductsummary.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/productdetail.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/customer/SerializedInventorySummary.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/customer/SubscriptionSummary.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/order/splitship.ftl
     
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/shoppinglist/editShoppingList.ftl
     
ofbiz/branches/release14.12/specialpurpose/webpos/webapp/webpos/cart/ShowCart.ftl
     
ofbiz/branches/release14.12/specialpurpose/webpos/webapp/webpos/cart/ShowCartItemSelected.ftl
     
ofbiz/branches/release14.12/specialpurpose/webpos/webapp/webpos/catalog/CategoryDetail.ftl

Propchange: ofbiz/branches/release14.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Sep 25 16:34:34 2015
@@ -8,4 +8,4 @@
  /ofbiz/branches/json-integration-refactoring:1634077-1635900
  /ofbiz/branches/multitenant20100310:921280-927264
  /ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1649072,1649083-1649084,1649086,1649090,1649096,1649230,1649238-1649239,1649248,1649272,1649275,1649280-1649281,1649283,1649285-1649286,1649291,1649329,1649331,1649384,1649393,1649666,1649742,1650240,1650348,1650357,1650583,1650642,1650678,1650821,1650882,1650887,1650938,1651593,1652312,1652361,1652638,1652641,1652672,1652688,1652706,1652725,1652731,1652739,1652852,1653248,1653296,1653456,1653597,1653614,1654175,1654273,1654509,1654670,1654672-1654673,1654683-1654684,1654824,1655046,1655668,1655979,1656014,1656185,1656198,1656445,1656983,1657323,1657506-1657507,1657514,1657714,1657790,1657848,1658364,1658662,1658882,1659224,1659965,1660031,1660053,1660389,1660444,1660579,1661303,1661328,1661760,1661778,1661853,1661862,1661873,1661940,1661951,1661977,1662119-1662120,1662361,1662500,1662812,1662919,1663202,1663912,1663979,1664602,1664604,1664696,1665154,1665162,1665535,1666404,1666511,1666633,1666836,1666939,1666949,1666958,1667055,1667253,1667483,1667492,1667774!
  ,1668207,
  
1668214,1668236,1668246,1668258,1668263,1668265,1668270,1668277,1668314,1668657,1669317,1669588,1672427,1672430,1672846,1672853,1672856,1672862,1672873,1673764,1674447,1674464,1674491,1674496,1674908,1676674,1677123,1677597,1677769-1677770,1678294,1678882,1678911,1679689,1679697,1679709,1679720,1679728,1679732,1679957,1680155,1680288,1680304,1680671,1680675,1680733,1680840,1680881,1682272,1682295,1682415,1682633,1683998,1684094,1686360,1686536,1686545,1686566,1686569,1686574,1686583,1686635,1686651,1686970,1687427,1688772,1690086,1690581,1692357,1692458,1692600,1692604,1693393,1693579,1695017,1696234,1697590,1697647,1697993,1698259,1698261,1698263,1701164,1701441,1701819,1701825,1701936,1702002,1702548,1702704,1703121,1703586,1703945,1703954,1703965,1703971,1703976-1703977,1703981,1704000,1704014,1704018,1704036,1704043,1704052,1704082,1704140,1704230,1705004
+/ofbiz/trunk:1649072,1649083-1649084,1649086,1649090,1649096,1649230,1649238-1649239,1649248,1649272,1649275,1649280-1649281,1649283,1649285-1649286,1649291,1649329,1649331,1649384,1649393,1649666,1649742,1650240,1650348,1650357,1650583,1650642,1650678,1650821,1650882,1650887,1650938,1651593,1652312,1652361,1652638,1652641,1652672,1652688,1652706,1652725,1652731,1652739,1652852,1653248,1653296,1653456,1653597,1653614,1654175,1654273,1654509,1654670,1654672-1654673,1654683-1654684,1654824,1655046,1655668,1655979,1656014,1656185,1656198,1656445,1656983,1657323,1657506-1657507,1657514,1657714,1657790,1657848,1658364,1658662,1658882,1659224,1659965,1660031,1660053,1660389,1660444,1660579,1661303,1661328,1661760,1661778,1661853,1661862,1661873,1661940,1661951,1661977,1662119-1662120,1662361,1662500,1662812,1662919,1663202,1663912,1663979,1664602,1664604,1664696,1665154,1665162,1665535,1666404,1666511,1666633,1666836,1666939,1666949,1666958,1667055,1667253,1667483,1667492,1667774!
  ,1668207,
  
1668214,1668236,1668246,1668258,1668263,1668265,1668270,1668277,1668314,1668657,1669317,1669588,1672427,1672430,1672846,1672853,1672856,1672862,1672873,1673764,1674447,1674464,1674491,1674496,1674908,1676674,1677123,1677597,1677769-1677770,1678294,1678882,1678911,1679689,1679697,1679709,1679720,1679728,1679732,1679957,1680155,1680288,1680304,1680671,1680675,1680733,1680840,1680881,1682272,1682295,1682415,1682633,1683998,1684094,1686360,1686536,1686545,1686566,1686569,1686574,1686583,1686635,1686651,1686970,1687427,1688772,1690086,1690581,1692357,1692458,1692600,1692604,1693393,1693579,1695017,1696234,1697590,1697647,1697993,1698259,1698261,1698263,1701164,1701441,1701819,1701825,1701936,1702002,1702548,1702704,1703121,1703586,1703945,1703954,1703965,1703971,1703976-1703977,1703981,1704000,1704014,1704018,1704036,1704043,1704052,1704082,1704140,1704230,1705004,1705329

Modified: 
ofbiz/branches/release14.12/applications/accounting/webapp/accounting/reports/SalesInvoiceByProductCategorySummary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/accounting/webapp/accounting/reports/SalesInvoiceByProductCategorySummary.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/accounting/webapp/accounting/reports/SalesInvoiceByProductCategorySummary.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/accounting/webapp/accounting/reports/SalesInvoiceByProductCategorySummary.ftl
 Fri Sep 25 16:34:34 2015
@@ -27,7 +27,7 @@ under the License.
    <ul>
      <li>Month: ${month}/${year}</li>
-    <li>Root Category: 
${(Static["org.ofbiz.product.category.CategoryContentWrapper"].getProductCategoryContentAsText(rootProductCategory,
 "CATEGORY_NAME", locale, dispatcher))!} [${rootProductCategoryId}]</li>
+    <li>Root Category: 
${(Static["org.ofbiz.product.category.CategoryContentWrapper"].getProductCategoryContentAsText(rootProductCategory,
 "CATEGORY_NAME", locale, dispatcher, "html"))!} [${rootProductCategoryId}]</li>
      <li>Organization: ${(organizationPartyName.groupName)!} 
[${organizationPartyId?default("No Organization Specified")}]</li>
      <li>Currency: ${(currencyUom.description)!} [${currencyUomId?default("No Currency 
Specified")}]</li>
  </ul>
@@ -38,10 +38,10 @@ under the License.
          <td>Day</td>
          <td>[No Product]</td>
      <#list productList as product>
-        
<td>${product.internalName?default((Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product,
 "PRODUCT_NAME", locale, dispatcher))!)}<br />P:[${product.productId}]</td>
+        
<td>${product.internalName?default((Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product,
 "PRODUCT_NAME", locale, dispatcher, "html"))!)}<br />P:[${product.productId}]</td>
      </#list>
      <#list productCategoryList as productCategory>
-        
<td>${(Static["org.ofbiz.product.category.CategoryContentWrapper"].getProductCategoryContentAsText(productCategory,
 "CATEGORY_NAME", locale, dispatcher))!}<br />C:[${productCategory.productCategoryId}]</td>
+        
<td>${(Static["org.ofbiz.product.category.CategoryContentWrapper"].getProductCategoryContentAsText(productCategory,
 "CATEGORY_NAME", locale, dispatcher, "html"))!}<br 
/>C:[${productCategory.productCategoryId}]</td>
      </#list>
      </tr>
      <#-- Days of the month -->

Modified: 
ofbiz/branches/release14.12/applications/content/src/org/ofbiz/content/content/ContentWrapper.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/content/src/org/ofbiz/content/content/ContentWrapper.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/content/src/org/ofbiz/content/content/ContentWrapper.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/content/src/org/ofbiz/content/content/ContentWrapper.java
 Fri Sep 25 16:34:34 2015
@@ -26,6 +26,6 @@ import org.ofbiz.base.util.StringUtil;
    public interface ContentWrapper {
  -    public StringUtil.StringWrapper get(String contentTypeId);
+    public StringUtil.StringWrapper get(String contentTypeId, String 
encoderType);
    }

Modified: 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/order/OrderReturnServices.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/order/OrderReturnServices.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/order/OrderReturnServices.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/order/OrderReturnServices.java
 Fri Sep 25 16:34:34 2015
@@ -1845,7 +1845,7 @@ public class OrderReturnServices {
                                      newItem.set("itemDescription", 
orderItem.get("itemDescription"));
                                  } else {
                                      newItem.set("productId", 
refurbItem.get("productId"));
-                                    newItem.set("itemDescription", 
ProductContentWrapper.getProductContentAsText(refurbItem, "PRODUCT_NAME", locale, null));
+                                    newItem.set("itemDescription", 
ProductContentWrapper.getProductContentAsText(refurbItem, "PRODUCT_NAME", locale, null, 
"html"));
                                  }
                                  newItem.set("orderItemTypeId", 
orderItem.get("orderItemTypeId"));
                                  newItem.set("productFeatureId", 
orderItem.get("productFeatureId"));
@@ -1960,7 +1960,7 @@ public class OrderReturnServices {
                                                  newItem.set("productId", 
repairItemProduct.get("productId"));
                                                  // TODO: orderItemTypeId, 
prodCatalogId, productCategoryId
                                                  newItem.set("quantity", 
repairQuantity);
-                                                newItem.set("itemDescription", 
ProductContentWrapper.getProductContentAsText(repairItemProduct, "PRODUCT_NAME", locale, 
null));
+                                                newItem.set("itemDescription", 
ProductContentWrapper.getProductContentAsText(repairItemProduct, "PRODUCT_NAME", locale, null, 
"html"));
                                                  newItem.set("statusId", 
"ITEM_CREATED");
                                                  orderItems.add(newItem);
                                                  additionalItemTotal = 
additionalItemTotal.add(repairQuantity.multiply(repairUnitPrice));

Modified: 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartItem.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartItem.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartItem.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartItem.java
 Fri Sep 25 16:34:34 2015
@@ -717,12 +717,12 @@ public class ShoppingCartItem implements
      protected ShoppingCartItem(GenericValue product, Map<String, GenericValue> 
additionalProductFeatureAndAppls, Map<String, Object> attributes, String 
prodCatalogId, Locale locale, String itemType, ShoppingCart.ShoppingCartItemGroup 
itemGroup) {
          this(product, additionalProductFeatureAndAppls, attributes, 
prodCatalogId, null, locale, itemType, itemGroup, null);
           if (product != null) {
-            String productName = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", this.locale, null);
+            String productName = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", this.locale, null, "html");
              // if the productName is null or empty, see if there is an 
associated virtual product and get the productName of that product
              if (UtilValidate.isEmpty(productName)) {
                  GenericValue parentProduct = this.getParentProduct();
                  if (parentProduct != null) {
-                    productName = 
ProductContentWrapper.getProductContentAsText(parentProduct, "PRODUCT_NAME", 
this.locale, null);
+                    productName = ProductContentWrapper.getProductContentAsText(parentProduct, 
"PRODUCT_NAME", this.locale, null, "html");
                  }
              }
  @@ -1756,12 +1756,12 @@ public class ShoppingCartItem implements
         } else {
          GenericValue product = getProduct();
          if (product != null) {
-            String productName = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", this.locale, null);
+            String productName = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", this.locale, null, "html");
              // if the productName is null or empty, see if there is an 
associated virtual product and get the productName of that product
              if (UtilValidate.isEmpty(productName)) {
                  GenericValue parentProduct = this.getParentProduct();
                  if (parentProduct != null) {
-                    productName = 
ProductContentWrapper.getProductContentAsText(parentProduct, "PRODUCT_NAME", 
this.locale, null);
+                    productName = ProductContentWrapper.getProductContentAsText(parentProduct, 
"PRODUCT_NAME", this.locale, null, "html");
                  }
              }
              if (productName == null) {
@@ -1780,13 +1780,13 @@ public class ShoppingCartItem implements
          GenericValue product = getProduct();
            if (product != null) {
-            String description = ProductContentWrapper.getProductContentAsText(product, 
"DESCRIPTION", this.locale, null);
+            String description = ProductContentWrapper.getProductContentAsText(product, 
"DESCRIPTION", this.locale, null, "html");
                // if the description is null or empty, see if there is an 
associated virtual product and get the description of that product
              if (UtilValidate.isEmpty(description)) {
                  GenericValue parentProduct = this.getParentProduct();
                  if (parentProduct != null) {
-                    description = 
ProductContentWrapper.getProductContentAsText(parentProduct, "DESCRIPTION", 
this.locale, null);
+                    description = ProductContentWrapper.getProductContentAsText(parentProduct, 
"DESCRIPTION", this.locale, null, "html");
                  }
              }
  @@ -2590,7 +2590,7 @@ public class ShoppingCartItem implements
          }
            if (UtilValidate.isEmpty(itemDescription)) {
-            itemDescription = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", locale, null);
+            itemDescription = ProductContentWrapper.getProductContentAsText(product, 
"PRODUCT_NAME", locale, null, "html");
          }
            return itemDescription;

Modified: 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/product/ProductPromoWorker.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/product/ProductPromoWorker.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/product/ProductPromoWorker.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/src/org/ofbiz/order/shoppingcart/product/ProductPromoWorker.java
 Fri Sep 25 16:34:34 2015
@@ -712,7 +712,7 @@ public class ProductPromoWorker {
                  if (UtilValidate.isEmpty(messageContext.get("partyId"))) 
messageContext.put("partyId", "any");
                  GenericValue product = 
EntityQuery.use(delegator).from("Product").where("productId", 
productId).cache().queryOne();
                  if (product != null) {
-                    messageContext.put("productName", 
ProductContentWrapper.getProductContentAsText(product, "PRODUCT_NAME", locale, null));
+                    messageContext.put("productName", 
ProductContentWrapper.getProductContentAsText(product, "PRODUCT_NAME", locale, null, 
"html"));
                  }
                    String msgProp = UtilProperties.getMessage("promotext", "action." + 
productPromoAction.getString("productPromoActionEnumId"), messageContext, locale);

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
 Fri Sep 25 16:34:34 2015
@@ -51,8 +51,8 @@ if (inlineProductId) {
      if (inlineProduct) {
          context.product = inlineProduct;
          contentWrapper = new ProductContentWrapper(inlineProduct, request);
-        context.put("title", contentWrapper.get("PRODUCT_NAME"));
-        context.put("metaDescription", contentWrapper.get("DESCRIPTION"));
+        context.put("title", contentWrapper.get("PRODUCT_NAME", "html"));
+        context.put("metaDescription", contentWrapper.get("DESCRIPTION", 
"html"));
          productTemplate = product.detailScreen;
          if (productTemplate) {
              detailScreen = productTemplate;
@@ -115,7 +115,7 @@ if (inlineProduct) {
      context.productContentWrapper = productContentWrapper;
        // get the main detail image (virtual or single product)
-    mainDetailImage = productContentWrapper.get("DETAIL_IMAGE_URL");
+    mainDetailImage = productContentWrapper.get("DETAIL_IMAGE_URL", "url");
      if (mainDetailImage) {
          mainDetailImageUrl = ContentUrlTag.getContentPrefix(request) + 
mainDetailImage;
          context.mainDetailImageUrl = mainDetailImageUrl.toString();
@@ -225,8 +225,8 @@ if (inlineProduct) {
                              contentWrapper = new 
ProductContentWrapper(imageMap[key], request);
                                // initial image paths
-                            detailImage = contentWrapper.get("DETAIL_IMAGE_URL") ?: 
productContentWrapper.get("DETAIL_IMAGE_URL");
-                            largeImage = contentWrapper.get("LARGE_IMAGE_URL") ?: 
productContentWrapper.get("LARGE_IMAGE_URL");
+                            detailImage = contentWrapper.get("DETAIL_IMAGE_URL", "url") ?: 
productContentWrapper.get("DETAIL_IMAGE_URL", "url");
+                            largeImage = contentWrapper.get("LARGE_IMAGE_URL", "url") ?: 
productContentWrapper.get("LARGE_IMAGE_URL", "url");
                                // full image URLs
                              detailImageUrl = null;

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
 Fri Sep 25 16:34:34 2015
@@ -121,7 +121,7 @@ if (product) {
      context.productContentWrapper = productContentWrapper;
        // get the main detail image (virtual or single product)
-    mainDetailImage = productContentWrapper.get("DETAIL_IMAGE_URL");
+    mainDetailImage = productContentWrapper.get("DETAIL_IMAGE_URL", "url");
      if (mainDetailImage) {
          mainDetailImageUrl = ContentUrlTag.getContentPrefix(request) + 
mainDetailImage;
          context.mainDetailImageUrl = mainDetailImageUrl.toString();
@@ -347,8 +347,8 @@ if (product) {
                              contentWrapper = new 
ProductContentWrapper(imageMap[key], request);
                                // initial image paths
-                            detailImage = contentWrapper.get("DETAIL_IMAGE_URL") ?: 
productContentWrapper.get("DETAIL_IMAGE_URL");
-                            largeImage = contentWrapper.get("LARGE_IMAGE_URL") ?: 
productContentWrapper.get("LARGE_IMAGE_URL");
+                            detailImage = contentWrapper.get("DETAIL_IMAGE_URL", "url") ?: 
productContentWrapper.get("DETAIL_IMAGE_URL", "url");
+                            largeImage = contentWrapper.get("LARGE_IMAGE_URL", "url") ?: 
productContentWrapper.get("LARGE_IMAGE_URL", "url");
                                // full image URLs
                              detailImageUrl = null;

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/order/CompanyHeader.groovy
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/order/CompanyHeader.groovy?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/order/CompanyHeader.groovy
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/WEB-INF/actions/order/CompanyHeader.groovy
 Fri Sep 25 16:34:34 2015
@@ -213,7 +213,7 @@ if (emails) {
    // website
  websiteUrls = from("PartyContactWithPurpose")
-                  .where("partyId", partyId, "contactMechPurposeTypeId", 
"PRIMARY_WEB_URL")
+                  .where("partyId", partyId, "contactMechPurposeTypeId", 
"PRIMARY_WEB_URL", "url")
                    .filterByDate("contactFromDate", "contactThruDate", 
"purposeFromDate", "purposeThruDate")
                    .queryList();
  if (websiteUrls) {

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/SplitShip.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/SplitShip.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/SplitShip.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/SplitShip.ftl
 Fri Sep 25 16:34:34 2015
@@ -176,7 +176,7 @@ function submitForm(form, mode, value) {
                      <#if cartLine.getProductId()??>
                        <#-- product item -->
                        <#-- start code to display a small image of the product 
-->
-                      <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(),
 "SMALL_IMAGE_URL", locale, dispatcher)!>
+                      <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(), 
"SMALL_IMAGE_URL", locale, dispatcher, "url")!>
                        <#if !smallImageUrl?string?has_content><#assign smallImageUrl = 
"/images/defaultImage.jpg"></#if>
                        <#if smallImageUrl?string?has_content>
                          <a 
href="<@ofbizUrl>product?product_id=${cartLine.getProductId()}</@ofbizUrl>">

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/cart/showcartitems.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/cart/showcartitems.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/cart/showcartitems.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/cart/showcartitems.ftl
 Fri Sep 25 16:34:34 2015
@@ -238,7 +238,7 @@ under the License.
                    <div>${uiLabelMap.OrderChooseFollowingForGift}:</div>
                    <#list cartLine.getAlternativeOptionProductIds() as 
alternativeOptionProductId>
                      <#assign alternativeOptionProduct = delegator.findOne("Product", 
Static["org.ofbiz.base.util.UtilMisc"].toMap("productId", alternativeOptionProductId), true)>
-                    <#assign alternativeOptionName = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(alternativeOptionProduct,
 "PRODUCT_NAME", locale, dispatcher)!>
+                    <#assign alternativeOptionName = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(alternativeOptionProduct,
 "PRODUCT_NAME", locale, dispatcher, "html")!>
                      <div><a 
href="<@ofbizUrl>setDesiredAlternateGwpProductId?alternateGwpProductId=${alternativeOptionProductId}&amp;alternateGwpLine=${cartLineIndex}</@ofbizUrl>"
 class="buttontext">Select: ${alternativeOptionName?default(alternativeOptionProductId)}</a></div>
                    </#list>
                  </#if>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/breadcrumbs.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/breadcrumbs.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/breadcrumbs.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/breadcrumbs.ftl
 Fri Sep 25 16:34:34 2015
@@ -17,7 +17,7 @@ specific language governing permissions
  under the License.
  -->
  <div class="breadcrumbs">
-<#assign isDefaultTheme = 
!layoutSettings.VT_FTR_TMPLT_LOC?contains("multiflex")>
+<#assign isDefaultTheme = 
!layoutSettings.VT_FTR_TMPLT_LOC?contains("multiflex")>
  <#if isDefaultTheme>
    <a href="<@ofbizUrl>main</@ofbizUrl>" 
class="linktext">${uiLabelMap.CommonMain}</a> &gt;
  <#else>
@@ -52,17 +52,17 @@ under the License.
                     ${crumb}
                   </#if>
                 </a>
-               <#if crumb_has_next> &gt;</#if>
+               <#if crumb_has_next> &gt;</#if>
              </#if>
              <#assign previousCategoryId = crumb />
           </#if>
      </#list>
      <#-- Show the product, if there is one -->
      <#if productContentWrapper??>
-      <#if isDefaultTheme>
-         &nbsp;&gt; ${productContentWrapper.get("PRODUCT_NAME")!}
+      <#if isDefaultTheme>
+         &nbsp;&gt; ${productContentWrapper.get("PRODUCT_NAME", "html")!}
        <#else>
-          <li>${productContentWrapper.get("PRODUCT_NAME")!}</li>
+          <li>${productContentWrapper.get("PRODUCT_NAME", "html")!}</li>
          </ul>
        </#if>
      </#if>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/categorydetail.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/categorydetail.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/categorydetail.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/categorydetail.ftl
 Fri Sep 25 16:34:34 2015
@@ -91,7 +91,7 @@ under the License.
          <a 
href="<@ofbizUrl>advancedsearch?SEARCH_CATEGORY_ID=${productCategory.productCategoryId}</@ofbizUrl>" 
class="buttontext">${uiLabelMap.ProductSearchInCategory}</a>
      </#if>
      <#assign longDescription = 
categoryContentWrapper.get("LONG_DESCRIPTION")!/>
-    <#assign categoryImageUrl = 
categoryContentWrapper.get("CATEGORY_IMAGE_URL")!/>
+    <#assign categoryImageUrl = categoryContentWrapper.get("CATEGORY_IMAGE_URL", 
"url")!/>
      <#if categoryImageUrl?string?has_content || longDescription?has_content>
        <div>
          <#if categoryImageUrl?string?has_content>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproducts.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproducts.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproducts.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproducts.ftl
 Fri Sep 25 16:34:34 2015
@@ -26,13 +26,13 @@ under the License.
      <#assign productContentWrapper = productData.productContentWrapper/>
      <#assign price = productData.priceMap/>
      <#assign productUrl><@ofbizCatalogAltUrl 
productId=product.productId/></#assign>
-    <#assign smallImageUrl = productContentWrapper.get("SMALL_IMAGE_URL")/>
+    <#assign smallImageUrl = productContentWrapper.get("SMALL_IMAGE_URL", 
"url")/>
      <#if smallImageUrl!?length == 0>
          <#assign smallImageUrl = "/images/defaultImage.jpg"/>
      </#if>
          <td style="width:${tdWidth?c}%;">
              <img 
src="<@ofbizContentUrl>${contentPathPrefix!}${smallImageUrl}</@ofbizContentUrl>" alt="Small 
Image"/><br />
-            ${productContentWrapper.get("PRODUCT_NAME")}<br />
+            ${productContentWrapper.get("PRODUCT_NAME", "html")}<br />
      <#if totalPrice??>
              <div>${uiLabelMap.ProductAggregatedPrice}: <span 
class='basePrice'><@ofbizCurrency amount=totalPrice 
isoCode=totalPrice.currencyUsed/></span></div>
      <#else>
@@ -101,7 +101,7 @@ under the License.
  <#list compareList as product>
      <#assign productData = productDataMap[product.productId]/>
      <#assign productContentWrapper = productData.productContentWrapper/>
-        <td>${productContentWrapper.get("DESCRIPTION")?default("&nbsp;")}</td>
+        <td>${productContentWrapper.get("DESCRIPTION", 
"html")?default("&nbsp;")}</td>
  </#list>
      </tr>
      <#-- Long Description -->
@@ -110,7 +110,7 @@ under the License.
  <#list compareList as product>
      <#assign productData = productDataMap[product.productId]/>
      <#assign productContentWrapper = productData.productContentWrapper/>
-        
<td>${productContentWrapper.get("LONG_DESCRIPTION")?default("&nbsp;")}</td>
+        <td>${productContentWrapper.get("LONG_DESCRIPTION", 
"html")?default("&nbsp;")}</td>
  </#list>
      </tr>
  <#list productFeatureTypeIds as productFeatureTypeId>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproductslist.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproductslist.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproductslist.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/compareproductslist.ftl
 Fri Sep 25 16:34:34 2015
@@ -30,7 +30,7 @@ under the License.
      <#list productCompareList as product>
        <tr>
          <td>
-          
${Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product,
 "PRODUCT_NAME", request)}
+          
${Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"PRODUCT_NAME", request, "html")}
          </td>
          <td>
            <form method="post" action="<@ofbizUrl>removeFromCompare</@ofbizUrl>" 
name="removeFromCompare${product_index}form">

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/configproductdetail.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/configproductdetail.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/configproductdetail.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/configproductdetail.ftl
 Fri Sep 25 16:34:34 2015
@@ -193,7 +193,7 @@ function getConfigDetails() {
    <#-- Product image/name/price -->
    <tr>
      <td valign="top" width="0">
-      <#assign productLargeImageUrl = 
productContentWrapper.get("LARGE_IMAGE_URL")!>
+      <#assign productLargeImageUrl = productContentWrapper.get("LARGE_IMAGE_URL", 
"url")!>
        <#-- remove the next two lines to always display the virtual image first 
(virtual images must exist) -->
        <#if firstLargeImage?has_content>
          <#assign productLargeImageUrl = firstLargeImage>
@@ -203,8 +203,8 @@ function getConfigDetails() {
        </#if>
      </td>
      <td align="right" valign="top">
-      <h2>${productContentWrapper.get("PRODUCT_NAME")!}</h2>
-      <div>${productContentWrapper.get("DESCRIPTION")!}</div>
+      <h2>${productContentWrapper.get("PRODUCT_NAME", "html")!}</h2>
+      <div>${productContentWrapper.get("DESCRIPTION", "html")!}</div>
        <div><b>${product.productId!}</b></div>
        <#-- example of showing a certain type of feature with the product -->
        <#if sizeProductFeatureAndAppls?has_content>
@@ -394,9 +394,9 @@ function getConfigDetails() {
              <#list imageKeys as key>
                <#assign swatchProduct = imageMap.get(key)>
                <#if swatchProduct?has_content && indexer < maxIndex>
-                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct,
 "SMALL_IMAGE_URL", request)!>
+                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct, 
"SMALL_IMAGE_URL", request, "url")!>
                  <#if !imageUrl?string?has_content>
-                  <#assign imageUrl = 
productContentWrapper.get("SMALL_IMAGE_URL")!>
+                  <#assign imageUrl = productContentWrapper.get("SMALL_IMAGE_URL", 
"url")!>
                  </#if>
                  <#if !imageUrl?string?has_content>
                    <#assign imageUrl = "/images/defaultImage.jpg">
@@ -423,7 +423,7 @@ function getConfigDetails() {
    <#-- Long description of product -->
    <tr>
      <td colspan="2">
-      <div>${productContentWrapper.get("LONG_DESCRIPTION")!}</div>
+      <div>${productContentWrapper.get("LONG_DESCRIPTION", "html")!}</div>
      </td>
    </tr>
  @@ -461,7 +461,7 @@ function getConfigDetails() {
                  <#if instructions?has_content>
                    <a 
href="javascript:showErrorAlert("${uiLabelMap.CommonErrorMessage2}","${instructions}");" 
class="buttontext">Instructions</a>
                  </#if>
-                <#assign image = question.content.get("IMAGE_URL")!>
+                <#assign image = question.content.get("IMAGE_URL", "url")!>
                  <#if image?has_content>
                    <img 
src='<@ofbizContentUrl>${contentPathPrefix!}${image!}</@ofbizContentUrl>' vspace='5' hspace='5' 
class='cssImgSmall' align='left' alt="" />
                  </#if>
@@ -620,7 +620,7 @@ function getConfigDetails() {
    </#if>
    <#if assocProducts?has_content>
      <tr><td>&nbsp;</td></tr>
-    <tr><td colspan="2"><h2>${beforeName!}<#if showName == 
"Y">${productContentWrapper.get("PRODUCT_NAME")!}</#if>${afterName!}</h2></td></tr>
+    <tr><td colspan="2"><h2>${beforeName!}<#if showName == "Y">${productContentWrapper.get("PRODUCT_NAME", 
"html")!}</#if>${afterName!}</h2></td></tr>
      <tr><td><hr /></td></tr>
      <#list assocProducts as productAssoc>
        <tr><td>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/inlineProductDetail.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/inlineProductDetail.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/inlineProductDetail.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/inlineProductDetail.ftl
 Fri Sep 25 16:34:34 2015
@@ -258,7 +258,7 @@ ${virtualJavaScript!}
  <table border="0" cellpadding="2" cellspacing="0" width="100%">
    <tr>
      <td align="left" valign="top" width="0">
-      <#assign productLargeImageUrl = 
productContentWrapper.get("LARGE_IMAGE_URL")!>
+      <#assign productLargeImageUrl = productContentWrapper.get("LARGE_IMAGE_URL", 
"url")!>
        <#if firstLargeImage?has_content>
          <#assign productLargeImageUrl = firstLargeImage>
        </#if>
@@ -268,7 +268,7 @@ ${virtualJavaScript!}
        </#if>
      </td>
      <td align="right" valign="top" width="100%">
-    <#--    <h2>${productContentWrapper.get("PRODUCT_NAME")!}</h2>  -->
+    <#--    <h2>${productContentWrapper.get("PRODUCT_NAME", "html")!}</h2>  -->
          <#assign inStock = true>
          <#if product.isVirtual!?upper_case == "Y">
          <#if product.virtualVariantMethodEnum! == "VV_FEATURETREE" && 
featureLists?has_content>
@@ -365,9 +365,9 @@ ${virtualJavaScript!}
              <#list imageKeys as key>
                <#assign swatchProduct = imageMap.get(key)>
                <#if swatchProduct?has_content && indexer < maxIndex>
-                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct,
 "SMALL_IMAGE_URL", request)!>
+                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct, 
"SMALL_IMAGE_URL", request, "url")!>
                  <#if !imageUrl?string?has_content>
-                  <#assign imageUrl = 
productContentWrapper.get("SMALL_IMAGE_URL")!>
+                  <#assign imageUrl = productContentWrapper.get("SMALL_IMAGE_URL", 
"url")!>
                  </#if>
                  <#if !imageUrl?string?has_content>
                    <#assign imageUrl = "/images/defaultImage.jpg">

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productdetail.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productdetail.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productdetail.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productdetail.ftl
 Fri Sep 25 16:34:34 2015
@@ -304,7 +304,7 @@ ${virtualJavaScript!}
    <#-- Product image/name/price -->
    <tr>
      <td valign="top" width="0">
-      <#assign productLargeImageUrl = 
productContentWrapper.get("LARGE_IMAGE_URL")!>
+      <#assign productLargeImageUrl = productContentWrapper.get("LARGE_IMAGE_URL", 
"url")!>
        <#-- remove the next two lines to always display the virtual image first 
(virtual images must exist) -->
        <#if firstLargeImage?has_content>
          <#assign productLargeImageUrl = firstLargeImage>
@@ -314,8 +314,8 @@ ${virtualJavaScript!}
        </#if>
      </td>
      <td align="right" valign="top">
-      <h2>${productContentWrapper.get("PRODUCT_NAME")!}</h2>
-      <div>${productContentWrapper.get("DESCRIPTION")!}</div>
+      <h2>${productContentWrapper.get("PRODUCT_NAME", "html")!}</h2>
+      <div>${productContentWrapper.get("DESCRIPTION", "html")!}</div>
        <div><b>${product.productId!}</b></div>
        <#-- example of showing a certain type of feature with the product -->
        <#if sizeProductFeatureAndAppls?has_content>
@@ -596,9 +596,9 @@ ${virtualJavaScript!}
              <#list imageKeys as key>
                <#assign swatchProduct = imageMap.get(key)>
                <#if swatchProduct?has_content && indexer < maxIndex>
-                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct,
 "SMALL_IMAGE_URL", request)!>
+                <#assign imageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(swatchProduct, 
"SMALL_IMAGE_URL", request, "url")!>
                  <#if !imageUrl?string?has_content>
-                  <#assign imageUrl = 
productContentWrapper.get("SMALL_IMAGE_URL")!>
+                  <#assign imageUrl = productContentWrapper.get("SMALL_IMAGE_URL", 
"url")!>
                  </#if>
                  <#if !imageUrl?string?has_content>
                    <#assign imageUrl = "/images/defaultImage.jpg">
@@ -633,8 +633,8 @@ ${virtualJavaScript!}
      <#-- Long description of product -->
    <div id="long-description">
-      <div>${productContentWrapper.get("LONG_DESCRIPTION")!}</div>
-      <div>${productContentWrapper.get("WARNINGS")!}</div>
+      <div>${productContentWrapper.get("LONG_DESCRIPTION", "html")!}</div>
+      <div>${productContentWrapper.get("WARNINGS", "html")!}</div>
    </div>
      <#-- Any attributes/etc may go here -->
@@ -646,7 +646,7 @@ ${virtualJavaScript!}
      <#assign targetRequest = targetRequestName>
    </#if>
    <#if assocProducts?has_content>
-    <h2>${beforeName!}<#if showName == 
"Y">${productContentWrapper.get("PRODUCT_NAME")!}</#if>${afterName!}</h2>
+    <h2>${beforeName!}<#if showName == "Y">${productContentWrapper.get("PRODUCT_NAME", 
"html")!}</#if>${afterName!}</h2>
        <div class="productsummary-container">
      <#list assocProducts as productAssoc>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productsummary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productsummary.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productsummary.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/productsummary.ftl
 Fri Sep 25 16:34:34 2015
@@ -62,7 +62,7 @@ ${virtualJavaScript!}
      <#if requestAttributes.productCategoryMember??>
          <#assign prodCatMem = requestAttributes.productCategoryMember>
      </#if>
-    <#assign smallImageUrl = productContentWrapper.get("SMALL_IMAGE_URL")!>
+    <#assign smallImageUrl = productContentWrapper.get("SMALL_IMAGE_URL", 
"url")!>
      <#if !smallImageUrl?string?has_content><#assign smallImageUrl = 
"/images/defaultImage.jpg"></#if>
      <#-- end variable setup -->
      <#assign productInfoLinkId = "productInfoLink">
@@ -160,9 +160,9 @@ ${virtualJavaScript!}
          </div>
          <div class="productinfo">
            <div>
-            <a href="${productUrl}" 
class="linktext">${productContentWrapper.get("PRODUCT_NAME")!}</a>
+            <a href="${productUrl}" 
class="linktext">${productContentWrapper.get("PRODUCT_NAME", "html")!}</a>
            </div>
-          <div>${productContentWrapper.get("DESCRIPTION")!}<#if 
daysToShip??>&nbsp;-&nbsp;${uiLabelMap.ProductUsuallyShipsIn} <b>${daysToShip}</b> 
${uiLabelMap.CommonDays}!</#if></div>
+          <div>${productContentWrapper.get("DESCRIPTION", "html")!}<#if 
daysToShip??>&nbsp;-&nbsp;${uiLabelMap.ProductUsuallyShipsIn} <b>${daysToShip}</b> 
${uiLabelMap.CommonDays}!</#if></div>
              <#-- Display category-specific product comments -->
            <#if prodCatMem?? && prodCatMem.comments?has_content>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/quickaddsummary.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/quickaddsummary.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/quickaddsummary.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/entry/catalog/quickaddsummary.ftl
 Fri Sep 25 16:34:34 2015
@@ -25,7 +25,7 @@ under the License.
    </span>
    <span class="name">
      <div>
-      <a href="<@ofbizUrl>product?product_id=${product.productId}</@ofbizUrl>" 
class="buttontext">${productContentWrapper.get("PRODUCT_NAME")!}</a>
+      <a href="<@ofbizUrl>product?product_id=${product.productId}</@ofbizUrl>" 
class="buttontext">${productContentWrapper.get("PRODUCT_NAME", "html")!}</a>
      </div>
    </span>
    <span class="listPrice">

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/editorderitems.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/editorderitems.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/editorderitems.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/editorderitems.ftl
 Fri Sep 25 16:34:34 2015
@@ -106,7 +106,7 @@ under the License.
                                    <div>
                                        <a href="/catalog/control/EditProduct?productId=${productId}" 
class="buttontext" target="_blank">${uiLabelMap.ProductCatalog}</a>
                                        <a href="/ecommerce/control/product?product_id=${productId}" 
class="buttontext" target="_blank">${uiLabelMap.OrderEcommerce}</a>
-                                      <#if 
orderItemContentWrapper.get("IMAGE_URL")?has_content>
+                                      <#if orderItemContentWrapper.get("IMAGE_URL", 
"url")?has_content>
                                        <a 
href="<@ofbizUrl>viewimage?orderId=${orderId}&amp;orderItemSeqId=${orderItem.orderItemSeqId}&amp;orderContentTypeId=IMAGE_URL</@ofbizUrl>"
 target="_orderImage" class="buttontext">${uiLabelMap.OrderViewImage}</a>
                                        </#if>
                                    </div>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderinfo.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderinfo.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderinfo.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderinfo.ftl
 Fri Sep 25 16:34:34 2015
@@ -223,7 +223,7 @@ under the License.
                </td>
              </tr>
              </#if>
-            <#if orderContentWrapper.get("IMAGE_URL")?has_content>
+            <#if orderContentWrapper.get("IMAGE_URL", "url")?has_content>
              <tr><td colspan="3"><hr /></td></tr>
              <tr>
                <td align="right" valign="top" width="15%" 
class="label">&nbsp;${uiLabelMap.OrderImage}</td>

Modified: 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderitems.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderitems.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderitems.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/order/webapp/ordermgr/order/orderitems.ftl
 Fri Sep 25 16:34:34 2015
@@ -89,7 +89,7 @@ under the License.
                                          </#if>
                                          <a 
href="/catalog/control/EditProduct?productId=${productId}${StringUtil.wrapString(externalKeyParam)}" 
class="buttontext" target="_blank">${uiLabelMap.ProductCatalog}</a>
                                          <a href="/ecommerce/control/product?product_id=${productId}" 
class="buttontext" target="_blank">${uiLabelMap.OrderEcommerce}</a>
-                                        <#if 
orderItemContentWrapper.get("IMAGE_URL")?has_content>
+                                        <#if orderItemContentWrapper.get("IMAGE_URL", 
"url")?has_content>
                                              <a 
href="<@ofbizUrl>viewimage?orderId=${orderId}&amp;orderItemSeqId=${orderItem.orderItemSeqId}&amp;orderContentTypeId=IMAGE_URL</@ofbizUrl>"
                                                 target="_orderImage" 
class="buttontext">${uiLabelMap.OrderViewImage}</a>
                                          </#if>

Modified: 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/editShoppingList.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/editShoppingList.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/editShoppingList.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/editShoppingList.ftl
 Fri Sep 25 16:34:34 2015
@@ -206,7 +206,7 @@ under the License.
            <#assign isVirtual = product.isVirtual?? && 
product.isVirtual.equals("Y")>
            <tr valign="middle"<#if alt_row> class="alternate-row"</#if>>
              <td><a 
href="/catalog/control/EditProduct?productId=${shoppingListItem.productId}&amp;externalLoginKey=${requestAttributes.externalLoginKey}">${shoppingListItem.productId}
 -
-              ${productContentWrapper.get("PRODUCT_NAME")?default("No Name")}</a> : 
${productContentWrapper.get("DESCRIPTION")!}
+              ${productContentWrapper.get("PRODUCT_NAME", "html")?default("No Name")}</a> : 
${productContentWrapper.get("DESCRIPTION", "html")!}
              </td>
              <form method="post" 
action="<@ofbizUrl>removeFromShoppingList</@ofbizUrl>" 
name='removeform_${shoppingListItem.shoppingListItemSeqId}'>
                <input type="hidden" name="shoppingListId" 
value="${shoppingListItem.shoppingListId}" />

Modified: 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/profileblocks/SerializedInventory.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/profileblocks/SerializedInventory.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/profileblocks/SerializedInventory.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/party/webapp/partymgr/party/profileblocks/SerializedInventory.ftl
 Fri Sep 25 16:34:34 2015
@@ -47,7 +47,7 @@ under the License.
                                      <#assign product = 
Static['org.ofbiz.product.product.ProductWorker'].getParentProduct(product.productId, 
delegator)!>
                                  </#if>
                                  <#if product?has_content>
-                                    <#assign productName = 
Static['org.ofbiz.product.product.ProductContentWrapper'].getProductContentAsText(product,
 'PRODUCT_NAME', request)!>
+                                    <#assign productName = 
Static['org.ofbiz.product.product.ProductContentWrapper'].getProductContentAsText(product, 
'PRODUCT_NAME', request, "html")!>
                                      <a 
href="/catalog/control/EditProduct?productId=${product.productId}&amp;externalLoginKey=${requestAttributes.externalLoginKey!}">${productName?default(product.productId)}</a>
                                  </#if>
                              </#if>

Modified: 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/category/CatalogUrlFilter.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/category/CatalogUrlFilter.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/category/CatalogUrlFilter.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/category/CatalogUrlFilter.java
 Fri Sep 25 16:34:34 2015
@@ -354,7 +354,7 @@ public class CatalogUrlFilter extends Co
        public static String makeCategoryUrl(Delegator delegator, 
CategoryContentWrapper wrapper, List<String> trail, String contextPath, String 
previousCategoryId, String productCategoryId, String productId, String viewSize, 
String viewIndex, String viewSort, String searchString) {
          String url = "";
-        StringWrapper alternativeUrl = wrapper.get("ALTERNATIVE_URL");
+        StringWrapper alternativeUrl = wrapper.get("ALTERNATIVE_URL", "url");
                    if (UtilValidate.isNotEmpty(alternativeUrl) && 
UtilValidate.isNotEmpty(alternativeUrl.toString())) {
              StringBuilder urlBuilder = new StringBuilder();
@@ -430,7 +430,7 @@ public class CatalogUrlFilter extends Co
        public static String makeProductUrl(Delegator delegator, 
ProductContentWrapper wrapper, List<String> trail, String contextPath, String 
previousCategoryId, String productCategoryId, String productId) {
          String url = "";
-        StringWrapper alternativeUrl = wrapper.get("ALTERNATIVE_URL");
+        StringWrapper alternativeUrl = wrapper.get("ALTERNATIVE_URL", "url");
          if (UtilValidate.isNotEmpty(alternativeUrl) && 
UtilValidate.isNotEmpty(alternativeUrl.toString())) {
              StringBuilder urlBuilder = new StringBuilder();
              urlBuilder.append(contextPath);

Modified: 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductContentWrapper.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductContentWrapper.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductContentWrapper.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductContentWrapper.java
 Fri Sep 25 16:34:34 2015
@@ -31,10 +31,11 @@ import javolution.util.FastMap;
    import org.ofbiz.base.util.Debug;
  import org.ofbiz.base.util.GeneralException;
+import org.ofbiz.base.util.GeneralRuntimeException;
  import org.ofbiz.base.util.StringUtil;
+import org.ofbiz.base.util.UtilCodec;
  import org.ofbiz.base.util.UtilHttp;
  import org.ofbiz.base.util.UtilValidate;
-import org.ofbiz.base.util.GeneralRuntimeException;
  import org.ofbiz.base.util.cache.UtilCache;
  import org.ofbiz.content.content.ContentWorker;
  import org.ofbiz.content.content.ContentWrapper;
@@ -79,28 +80,30 @@ public class ProductContentWrapper imple
          this.mimeTypeId = "text/html";
      }
  -    public StringUtil.StringWrapper get(String productContentTypeId) {
+    public StringUtil.StringWrapper get(String productContentTypeId, String 
encoderType) {
          if (this.product == null) {
              Debug.logWarning("Tried to get ProductContent for type [" + 
productContentTypeId + "] but the product field in the ProductContentWrapper is null", 
module);
              return null;
          }
-        return 
StringUtil.makeStringWrapper(getProductContentAsText(this.product, 
productContentTypeId, locale, mimeTypeId, null, null, 
this.product.getDelegator(), dispatcher));
+        return 
StringUtil.makeStringWrapper(getProductContentAsText(this.product, 
productContentTypeId, locale, mimeTypeId, null, null, 
this.product.getDelegator(), dispatcher, encoderType));
      }
  -    public static String getProductContentAsText(GenericValue product, 
String productContentTypeId, HttpServletRequest request) {
+    public static String getProductContentAsText(GenericValue product, String 
productContentTypeId, HttpServletRequest request, String encoderType) {
          LocalDispatcher dispatcher = (LocalDispatcher) 
request.getAttribute("dispatcher");
-        return getProductContentAsText(product, productContentTypeId, 
UtilHttp.getLocale(request), "text/html", null, null, product.getDelegator(), 
dispatcher);
+        return getProductContentAsText(product, productContentTypeId, 
UtilHttp.getLocale(request), "text/html", null, null, product.getDelegator(), 
dispatcher, encoderType);
      }
  -    public static String getProductContentAsText(GenericValue product, 
String productContentTypeId, Locale locale, LocalDispatcher dispatcher) {
-        return getProductContentAsText(product, productContentTypeId, locale, 
null, null, null, null, dispatcher);
+    public static String getProductContentAsText(GenericValue product, String 
productContentTypeId, Locale locale, LocalDispatcher dispatcher, String 
encoderType) {
+        return getProductContentAsText(product, productContentTypeId, locale, 
null, null, null, null, dispatcher, encoderType);
      }
  -    public static String getProductContentAsText(GenericValue product, 
String productContentTypeId, Locale locale, String mimeTypeId, String partyId, 
String roleTypeId, Delegator delegator, LocalDispatcher dispatcher) {
+    public static String getProductContentAsText(GenericValue product, String 
productContentTypeId, Locale locale, String mimeTypeId, String partyId,
+            String roleTypeId, Delegator delegator, LocalDispatcher 
dispatcher, String encoderType) {
          if (product == null) {
              return null;
          }
  +        UtilCodec.SimpleEncoder encoder = UtilCodec.getEncoder(encoderType);
          String candidateFieldName = 
ModelUtil.dbNameToVarName(productContentTypeId);
          /* caching: there is one cache created, "product.content"  Each 
product's content is cached with a key of
           * contentTypeId::locale::mimeType::productId, or whatever the 
SEPARATOR is defined above to be.
@@ -116,19 +119,19 @@ public class ProductContentWrapper imple
              getProductContentAsText(null, product, productContentTypeId, 
locale, mimeTypeId, partyId, roleTypeId, delegator, dispatcher, outWriter);
              String outString = outWriter.toString();
              if (outString.length() > 0) {
-                return productContentCache.putIfAbsentAndGet(cacheKey, 
outString);
+                return productContentCache.putIfAbsentAndGet(cacheKey, 
encoder.encode(outString));
              } else {
                  String candidateOut = 
product.getModelEntity().isField(candidateFieldName) ? 
product.getString(candidateFieldName): "";
-                return candidateOut == null? "" : candidateOut;
+                return candidateOut == null? "" : encoder.encode(candidateOut);
              }
          } catch (GeneralException e) {
              Debug.logError(e, "Error rendering ProductContent, inserting empty 
String", module);
              String candidateOut = product.getModelEntity().isField(candidateFieldName) 
? product.getString(candidateFieldName): "";
-            return candidateOut == null? "" : candidateOut;
+            return candidateOut == null? "" : encoder.encode(candidateOut);
          } catch (IOException e) {
              Debug.logError(e, "Error rendering ProductContent, inserting empty 
String", module);
              String candidateOut = product.getModelEntity().isField(candidateFieldName) 
? product.getString(candidateFieldName): "";
-            return candidateOut == null? "" : candidateOut;
+            return candidateOut == null? "" : encoder.encode(candidateOut);
          }
      }

Modified: ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductPromoContentWrapper.java

URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductPromoContentWrapper.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductPromoContentWrapper.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductPromoContentWrapper.java
 Fri Sep 25 16:34:34 2015
@@ -34,6 +34,7 @@ import org.ofbiz.base.util.Debug;
  import org.ofbiz.base.util.GeneralException;
  import org.ofbiz.base.util.GeneralRuntimeException;
  import org.ofbiz.base.util.StringUtil;
+import org.ofbiz.base.util.UtilCodec;
  import org.ofbiz.base.util.UtilHttp;
  import org.ofbiz.base.util.UtilMisc;
  import org.ofbiz.base.util.UtilValidate;
@@ -84,28 +85,29 @@ public class ProductPromoContentWrapper
          this.mimeTypeId = "text/html";
      }
  -    public StringUtil.StringWrapper get(String productPromoContentTypeId) {
+    public StringUtil.StringWrapper get(String productPromoContentTypeId, 
String encoderType) {
          if (UtilValidate.isEmpty(this.productPromo)) {
              Debug.logWarning("Tried to get ProductPromoContent for type [" + 
productPromoContentTypeId + "] but the productPromo field in the ProductPromoContentWrapper is 
null", module);
              return null;
          }
-        return 
StringUtil.makeStringWrapper(getProductPromoContentAsText(this.productPromo, 
productPromoContentTypeId, locale, mimeTypeId, null, null, 
this.productPromo.getDelegator(), dispatcher));
+        return 
StringUtil.makeStringWrapper(getProductPromoContentAsText(this.productPromo, 
productPromoContentTypeId, locale, mimeTypeId, null, null, 
this.productPromo.getDelegator(), dispatcher, encoderType));
      }
  -    public static String getProductPromoContentAsText(GenericValue 
productPromo, String productPromoContentTypeId, HttpServletRequest request) {
+    public static String getProductPromoContentAsText(GenericValue 
productPromo, String productPromoContentTypeId, HttpServletRequest request, 
String encoderType) {
          LocalDispatcher dispatcher = (LocalDispatcher) 
request.getAttribute("dispatcher");
-        return getProductPromoContentAsText(productPromo, productPromoContentTypeId, 
UtilHttp.getLocale(request), "text/html", null, null, 
productPromo.getDelegator(), dispatcher);
+        return getProductPromoContentAsText(productPromo, productPromoContentTypeId, 
UtilHttp.getLocale(request), "text/html", null, null, 
productPromo.getDelegator(), dispatcher, encoderType);
      }
  -    public static String getProductContentAsText(GenericValue productPromo, 
String productPromoContentTypeId, Locale locale, LocalDispatcher dispatcher) {
-        return getProductPromoContentAsText(productPromo, 
productPromoContentTypeId, locale, null, null, null, null, dispatcher);
+    public static String getProductContentAsText(GenericValue productPromo, 
String productPromoContentTypeId, Locale locale, LocalDispatcher dispatcher, 
String encoderType) {
+        return getProductPromoContentAsText(productPromo, 
productPromoContentTypeId, locale, null, null, null, null, dispatcher, 
encoderType);
      }
  -    public static String getProductPromoContentAsText(GenericValue 
productPromo, String productPromoContentTypeId, Locale locale, String 
mimeTypeId, String partyId, String roleTypeId, Delegator delegator, 
LocalDispatcher dispatcher) {
+    public static String getProductPromoContentAsText(GenericValue 
productPromo, String productPromoContentTypeId, Locale locale, String 
mimeTypeId, String partyId, String roleTypeId, Delegator delegator, 
LocalDispatcher dispatcher, String encoderType) {
          if (UtilValidate.isEmpty(productPromo)) {
              return null;
          }
  +        UtilCodec.SimpleEncoder encoder = UtilCodec.getEncoder(encoderType);
          String candidateFieldName = 
ModelUtil.dbNameToVarName(productPromoContentTypeId);
          /* caching: there is one cache created, "product.promo.content"  Each 
productPromo's content is cached with a key of
           * contentTypeId::locale::mimeType::productPromoId, or whatever the 
SEPARATOR is defined above to be.
@@ -121,19 +123,19 @@ public class ProductPromoContentWrapper
              getProductPromoContentAsText(null, productPromo, 
productPromoContentTypeId, locale, mimeTypeId, partyId, roleTypeId, delegator, 
dispatcher, outWriter);
              String outString = outWriter.toString();
              if (outString.length() > 0) {
-                return productPromoContentCache.putIfAbsentAndGet(cacheKey, 
outString);
+                return productPromoContentCache.putIfAbsentAndGet(cacheKey, 
encoder.encode(outString));
              } else {
                  String candidateOut = 
productPromo.getModelEntity().isField(candidateFieldName) ? 
productPromo.getString(candidateFieldName): "";
-                return candidateOut == null? "" : candidateOut;
+                return candidateOut == null? "" : encoder.encode(candidateOut);
              }
          } catch (GeneralException e) {
              Debug.logError(e, "Error rendering ProductPromoContent, inserting 
empty String", module);
              String candidateOut = 
productPromo.getModelEntity().isField(candidateFieldName) ? 
productPromo.getString(candidateFieldName): "";
-            return candidateOut == null? "" : candidateOut;
+            return candidateOut == null? "" : encoder.encode(candidateOut);
          } catch (IOException e) {
              Debug.logError(e, "Error rendering ProductPromoContent, inserting 
empty String", module);
              String candidateOut = 
productPromo.getModelEntity().isField(candidateFieldName) ? 
productPromo.getString(candidateFieldName): "";
-            return candidateOut == null? "" : candidateOut;
+            return candidateOut == null? "" : encoder.encode(candidateOut);
          }
      }

Modified: ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductSearch.java

URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductSearch.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductSearch.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductSearch.java
 Fri Sep 25 16:34:34 2015
@@ -979,9 +979,9 @@ public class ProductSearch {
              StringBuilder ppBuf = new StringBuilder();
              ppBuf.append(UtilProperties.getMessage(resource, "ProductCategory", 
locale)).append(": ");
              if (productCategory != null) {
-                String catInfo = 
CategoryContentWrapper.getProductCategoryContentAsText(productCategory, 
"CATEGORY_NAME", locale, null);
+                String catInfo = 
CategoryContentWrapper.getProductCategoryContentAsText(productCategory, "CATEGORY_NAME", 
locale, null, "html");
                  if (UtilValidate.isEmpty(catInfo)) {
-                    catInfo = 
CategoryContentWrapper.getProductCategoryContentAsText(productCategory, 
"DESCRIPTION", locale, null);
+                    catInfo = 
CategoryContentWrapper.getProductCategoryContentAsText(productCategory, "DESCRIPTION", 
locale, null, "html");
                  }
                  ppBuf.append(catInfo);
              }

Modified: 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductWorker.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductWorker.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductWorker.java
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/src/org/ofbiz/product/product/ProductWorker.java
 Fri Sep 25 16:34:34 2015
@@ -342,7 +342,7 @@ public class ProductWorker {
                  }
                    // got to here, default to PRODUCT_NAME
-                String alternativeProductName = 
ProductContentWrapper.getProductContentAsText(alternativeOptionProduct, 
"PRODUCT_NAME", locale, dispatcher);
+                String alternativeProductName = 
ProductContentWrapper.getProductContentAsText(alternativeOptionProduct, "PRODUCT_NAME", 
locale, dispatcher, "html");
                  // Debug.logInfo("Using PRODUCT_NAME: " + 
alternativeProductName, module);
                  return alternativeProductName;
              }

Modified: 
ofbiz/branches/release14.12/applications/product/webapp/catalog/WEB-INF/actions/category/EditCategoryContentContent.groovy
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/webapp/catalog/WEB-INF/actions/category/EditCategoryContentContent.groovy?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/webapp/catalog/WEB-INF/actions/category/EditCategoryContentContent.groovy
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/webapp/catalog/WEB-INF/actions/category/EditCategoryContentContent.groovy
 Fri Sep 25 16:34:34 2015
@@ -59,6 +59,6 @@ if ("RELATED_URL".equals(prodCatContentT
          context.dataResourceTypeId = "VIDEO_OBJECT";
      }
      context.contentFormName = "EditCategoryContentDownload";
-       context.contentFormTitle = 
"${uiLabelMap.ProductUpdateDownloadContentCategory}";
-       
+    context.contentFormTitle = 
"${uiLabelMap.ProductUpdateDownloadContentCategory}";
+
  }

Modified: 
ofbiz/branches/release14.12/applications/product/webapp/catalog/product/AddAdditionalImages.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/webapp/catalog/product/AddAdditionalImages.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/webapp/catalog/product/AddAdditionalImages.ftl
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/webapp/catalog/product/AddAdditionalImages.ftl
 Fri Sep 25 16:34:34 2015
@@ -17,10 +17,10 @@ specific language governing permissions
  under the License.
  -->
  <#if product?has_content>
-  <#assign productAdditionalImage1 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_1", locale, dispatcher))! />
-  <#assign productAdditionalImage2 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_2", locale, dispatcher))! />
-  <#assign productAdditionalImage3 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_3", locale, dispatcher))! />
-  <#assign productAdditionalImage4 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_4", locale, dispatcher))! />
+  <#assign productAdditionalImage1 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_1", locale, dispatcher, "url"))! />
+  <#assign productAdditionalImage2 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_2", locale, dispatcher, "url"))! />
+  <#assign productAdditionalImage3 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_3", locale, dispatcher, "url"))! />
+  <#assign productAdditionalImage4 = 
(Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(product, 
"ADDITIONAL_IMAGE_4", locale, dispatcher, "url"))! />
  </#if>
  <form id="addAdditionalImagesForm" method="post" 
action="<@ofbizUrl>addAdditionalImagesForProduct</@ofbizUrl>" enctype="multipart/form-data">
    <input id="additionalImageProductId" type="hidden" name="productId" 
value="${productId!}" />

Modified: 
ofbiz/branches/release14.12/applications/product/widget/catalog/ProductForms.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/applications/product/widget/catalog/ProductForms.xml?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/applications/product/widget/catalog/ProductForms.xml
 (original)
+++ 
ofbiz/branches/release14.12/applications/product/widget/catalog/ProductForms.xml
 Fri Sep 25 16:34:34 2015
@@ -1235,7 +1235,7 @@ under the License.
      <form name="ListCostComponents" type="list" title="" list-name="listIt"
          odd-row-style="alternate-row" default-table-style="basic-table" 
paginate-target="EditProductCosts">
          <actions>
-               <set field="InParam.productId" 
from-field="requestParameters.productId"/>
+            <set field="InParam.productId" 
from-field="requestParameters.productId"/>
              <service service-name="performFind" result-map="result" 
result-map-list="listIt">
                  <field-map field-name="inputFields" from-field="InParam"/>
                  <field-map field-name="entityName" value="CostComponent"/>

Modified: 
ofbiz/branches/release14.12/specialpurpose/ebay/src/org/ofbiz/ebay/ProductsExportToEbay.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ebay/src/org/ofbiz/ebay/ProductsExportToEbay.java?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ebay/src/org/ofbiz/ebay/ProductsExportToEbay.java
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ebay/src/org/ofbiz/ebay/ProductsExportToEbay.java
 Fri Sep 25 16:34:34 2015
@@ -47,10 +47,10 @@ import org.ofbiz.entity.condition.Entity
  import org.ofbiz.entity.util.EntityQuery;
  import org.ofbiz.entity.util.EntityUtil;
  import org.ofbiz.entity.util.EntityUtilProperties;
+import org.ofbiz.product.product.ProductContentWrapper;
  import org.ofbiz.service.DispatchContext;
  import org.ofbiz.service.ModelService;
  import org.ofbiz.service.ServiceUtil;
-import org.ofbiz.product.product.ProductContentWrapper;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.Node;
@@ -266,7 +266,7 @@ public class ProductsExportToEbay {
                  }
                    ProductContentWrapper pcw = new 
ProductContentWrapper(dctx.getDispatcher(), prod, locale, "text/html");
-                StringUtil.StringWrapper ebayDescription = 
pcw.get("EBAY_DESCRIPTION");
+                StringUtil.StringWrapper ebayDescription = pcw.get("EBAY_DESCRIPTION", 
"html");
                  if (UtilValidate.isNotEmpty(ebayDescription.toString())) {
                      UtilXml.addChildElementCDATAValue(itemElem, 
"Description", ebayDescription.toString(), itemDocument);
                  } else {

Modified: 
ofbiz/branches/release14.12/specialpurpose/ebaystore/webapp/ebaystore/store/productsearchExport.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ebaystore/webapp/ebaystore/store/productsearchExport.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ebaystore/webapp/ebaystore/store/productsearchExport.ftl
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ebaystore/webapp/ebaystore/store/productsearchExport.ftl
 Fri Sep 25 16:34:34 2015
@@ -239,7 +239,7 @@ under the License.
                       <#assign smallImageUrl = "">
                       <#if contentList?has_content>
                            <#list contentList as content>
-                                <#if content.product.productId! == item.getSKU()!><#assign 
smallImageUrl = content.productContentWrapper.get("SMALL_IMAGE_URL")!></#if>
+                                <#if content.product.productId! == item.getSKU()!><#assign smallImageUrl = 
content.productContentWrapper.get("SMALL_IMAGE_URL", "url")!></#if>
                            </#list>
                       </#if>
                       <#if !smallImageUrl?string?has_content><#assign smallImageUrl = 
"/images/defaultImage.jpg"></#if>

Modified: 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/UpdateCart.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/UpdateCart.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/UpdateCart.ftl
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/UpdateCart.ftl
 Fri Sep 25 16:34:34 2015
@@ -66,7 +66,7 @@ under the License.
              <#else>
                <#assign parentProductId = cartLine.getProductId() />
              </#if>
-            <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(),
 "SMALL_IMAGE_URL", locale, dispatcher)! />
+            <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(), 
"SMALL_IMAGE_URL", locale, dispatcher, "url")! />
              <#if !smallImageUrl?string?has_content><#assign smallImageUrl = "" 
/></#if>
            </#if>
            <tr id="cartItemDisplayRow_${cartLine_index}">
@@ -136,7 +136,7 @@ under the License.
                      <#else>
                        <#assign parentProductId = cartLine.getProductId() />
                      </#if>
-                    <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(),
 "SMALL_IMAGE_URL", locale, dispatcher)! />
+                    <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(), 
"SMALL_IMAGE_URL", locale, dispatcher, "url")! />
                      <#if !smallImageUrl?string?has_content><#assign smallImageUrl = "" 
/></#if>
                      <#if smallImageUrl?string?has_content>
                        <img 
src="<@ofbizContentUrl>${requestAttributes.contentPathPrefix!}${smallImageUrl}</@ofbizContentUrl>"
 alt="Product Image" />

Modified: 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/showcart.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/showcart.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/showcart.ftl
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/cart/showcart.ftl
 Fri Sep 25 16:34:34 2015
@@ -237,7 +237,7 @@ function setAlternateGwp(field) {
                      <#else>
                        <#assign parentProductId = cartLine.getProductId() />
                      </#if>
-                    <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(),
 "SMALL_IMAGE_URL", locale, dispatcher)! />
+                    <#assign smallImageUrl = 
Static["org.ofbiz.product.product.ProductContentWrapper"].getProductContentAsText(cartLine.getProduct(), 
"SMALL_IMAGE_URL", locale, dispatcher, "url")! />
                      <#if !smallImageUrl?string?has_content><#assign smallImageUrl = 
"/images/defaultImage.jpg" /></#if>
                      <#if smallImageUrl?string?has_content>
                        <a href="<@ofbizCatalogAltUrl 
productId=parentProductId/>">

Modified: 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/LayeredCategoryDetail.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/LayeredCategoryDetail.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/LayeredCategoryDetail.ftl
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/LayeredCategoryDetail.ftl
 Fri Sep 25 16:34:34 2015
@@ -53,7 +53,7 @@ under the License.
          <h1>${categoryDescription}</h1>
      </#if>
      <#assign longDescription = 
categoryContentWrapper.get("LONG_DESCRIPTION")!/>
-    <#assign categoryImageUrl = 
categoryContentWrapper.get("CATEGORY_IMAGE_URL")!/>
+    <#assign categoryImageUrl = categoryContentWrapper.get("CATEGORY_IMAGE_URL", 
"url")!/>
      <#if categoryImageUrl?string?has_content || longDescription?has_content>
        <div>
          <#if categoryImageUrl?string?has_content>

Modified: 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/ProductCategoryLink.ftl
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/ProductCategoryLink.ftl?rev=1705331&r1=1705330&r2=1705331&view=diff
==============================================================================
--- 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/ProductCategoryLink.ftl
 (original)
+++ 
ofbiz/branches/release14.12/specialpurpose/ecommerce/webapp/ecommerce/catalog/ProductCategoryLink.ftl
 Fri Sep 25 16:34:34 2015
@@ -35,7 +35,7 @@ under the License.
        <#assign linkProductCategory = delegator.findOne("ProductCategory", 
Static["org.ofbiz.base.util.UtilMisc"].toMap("productCategoryId", 
productCategoryLink.linkInfo), true)/>
        <#assign linkCategoryContentWrapper = 
Static["org.ofbiz.product.category.CategoryContentWrapper"].makeCategoryContentWrapper(linkProductCategory,
 request)/>
        <#assign titleText = 
productCategoryLink.titleText?default(linkCategoryContentWrapper.get("CATEGORY_NAME"))!/>
-      <#assign imageUrl = 
productCategoryLink.imageUrl?default(linkCategoryContentWrapper.get("CATEGORY_IMAGE_URL"))!/>
+      <#assign imageUrl = 
productCategoryLink.imageUrl?default(linkCategoryContentWrapper.get("CATEGORY_IMAGE_URL", 
"url"))!/>
        <#assign detailText = 
productCategoryLink.detailText?default(linkCategoryContentWrapper.get("DESCRIPTION"))!/>
      </#if>

Re: svn commit: r1705331 [1/2] - in /ofbiz/branches/release14.12: ./ applications/accounting/webapp/accounting/reports/ applications/content/src/org/ofbiz/content/content/ applications/order/src/org/ofbiz/order/order/ applications/order/src/org/ofbiz/order...

Reply via email to