Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Hans Bakker
I am simply following the pattern?

if the email would be the same you could not see if the support email is
selected..

Regards,
Hans

On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
 just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
  Author: hansbak
  Date: Wed Dec  1 06:57:27 2010
  New Revision: 1040878
  
  URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
  Log:
  add support email address to the company for demo purposes
  
  Modified:
 ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  
  Modified: ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  URL: 
  http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
  ==
  --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  (original)
  +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
  Dec  1 06:57:27 2010
  @@ -31,6 +31,9 @@ under the License.
  ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
  infoString=ofbizt...@yahoo.com/
  PartyContactMech partyId=Company contactMechId=Company 
  fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
  PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
  partyId=Company contactMechId=Company fromDate=2003-01-01 
  00:00:00.000/
  +ContactMech contactMechId=CompanySupport 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
  +PartyContactMech partyId=Company contactMechId=CompanySupport 
  fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
  +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
  partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
  00:00:00.0/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
  00:00:00.000/
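Review bot: the added ContactMech line puts a second yahoo.com mailbox in infoString; demo seed data should not point at a mailbox on a real third-party domain, because any instance loaded with this data can send support mail to it. Use an address under example.com, which is reserved for documentation and testing. Separately, the three added lines write fromDate as 00:00:00.0 while the surrounding context lines use 00:00:00.000; keep the three-digit form for consistency.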
  
  
 

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Hans Bakker
By the way, why so unfriendly?
Why not simply discuss the matter and see what the best solution is?

Regards,
Hans

On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
 just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
  Author: hansbak
  Date: Wed Dec  1 06:57:27 2010
  New Revision: 1040878
  
  URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
  Log:
  add support email address to the company for demo purposes
  
  Modified:
 ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  
  Modified: ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  URL: 
  http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
  ==
  --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  (original)
  +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
  Dec  1 06:57:27 2010
  @@ -31,6 +31,9 @@ under the License.
  ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
  infoString=ofbizt...@yahoo.com/
  PartyContactMech partyId=Company contactMechId=Company 
  fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
  PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
  partyId=Company contactMechId=Company fromDate=2003-01-01 
  00:00:00.000/
  +ContactMech contactMechId=CompanySupport 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
  +PartyContactMech partyId=Company contactMechId=CompanySupport 
  fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
  +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
  partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
  00:00:00.0/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  
  
 

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



[jira] Closed: (OFBIZ-4040) NPE when calling org.ofbiz.entity.model.ModelEntity.getTableName(null)

2010-12-01 Thread Jacques Le Roux (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-4040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-4040.
--

Resolution: Fixed
  Assignee: Jacques Le Roux

Thanks Felice,

Your patch is in trunk at r1040890.

Please next time create your patch from OFBiz root, it's far easier for us to 
apply. By chance yours was only one line, so I did it by hand...
It's explained here 
https://cwiki.apache.org/confluence/display/OFBADMIN/OFBiz+Contributors+Best+Practices#OFBizContributorsBestPractices-HowtoSendinYourContributions(orhowtocreateandapplypatches)

 NPE when calling org.ofbiz.entity.model.ModelEntity.getTableName(null)
 --

 Key: OFBIZ-4040
 URL: https://issues.apache.org/jira/browse/OFBIZ-4040
 Project: OFBiz
  Issue Type: Bug
  Components: framework
Affects Versions: SVN trunk
Reporter: Felice Romano
Assignee: Jacques Le Roux
 Fix For: SVN trunk

 Attachments: OFBIZ-4040 ModelEntity.java.patch


 When table name is required to a model entity object, it throws a NPE if  
 datasource info object is null.
 Here is the patch:
 Have a nice day,
 Felice.




Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Scott Gray
Hi Hans,

The reason I linked to that previous thread was that I didn't want to have to 
have the same conversation over.

Are you against using something like supp...@example.com?  If so, why?

Thanks
Scott

On 1/12/2010, at 9:18 PM, Hans Bakker wrote:

 I am simply following the pattern?
 
 if the email would be the same you could not see if the support email is
 selected..
 
 Regards,
 Hans
 
 On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
 just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
 Author: hansbak
 Date: Wed Dec  1 06:57:27 2010
 New Revision: 1040878
 
 URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
 Log:
 add support email address to the company for demo purposes
 
 Modified:
   ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 
 Modified: ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 URL: 
 http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
 ==
 --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
 (original)
 +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
 Dec  1 06:57:27 2010
 @@ -31,6 +31,9 @@ under the License.
ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
 infoString=ofbizt...@yahoo.com/
PartyContactMech partyId=Company contactMechId=Company 
 fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
 partyId=Company contactMechId=Company fromDate=2003-01-01 
 00:00:00.000/
 +ContactMech contactMechId=CompanySupport 
 contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
 +PartyContactMech partyId=Company contactMechId=CompanySupport 
 fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
 +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
 partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
 00:00:00.0/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
 00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
 00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
 00:00:00.000/
 
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 





Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Scott Gray
I'm sorry if my tone came across as unfriendly, it certainly wasn't intended to 
be so.  I'm actually quite busy at the moment and was just trying to get 
straight to the point.

Regards
Scott

On 1/12/2010, at 9:22 PM, Hans Bakker wrote:

 By the way, why so unfriendly?
 Why not simply discuss the matter and see what the best solution is?
 
 Regards,
 Hans
 
 On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
 just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
 Author: hansbak
 Date: Wed Dec  1 06:57:27 2010
 New Revision: 1040878
 
 URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
 Log:
 add support email address to the company for demo purposes
 
 Modified:
   ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 
 Modified: ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 URL: 
 http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
 ==
 --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
 (original)
 +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
 Dec  1 06:57:27 2010
 @@ -31,6 +31,9 @@ under the License.
ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
 infoString=ofbizt...@yahoo.com/
PartyContactMech partyId=Company contactMechId=Company 
 fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
 partyId=Company contactMechId=Company fromDate=2003-01-01 
 00:00:00.000/
 +ContactMech contactMechId=CompanySupport 
 contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
 +PartyContactMech partyId=Company contactMechId=CompanySupport 
 fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
 +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
 partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
 00:00:00.0/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
 00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
 00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
 00:00:00.000/
 
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 





Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Hans Bakker
Ok, let's solve this? change all @yahoo.com into @example.com ?

Hans

On Wed, 2010-12-01 at 21:44 +1300, Scott Gray wrote:
 Hi Hans,
 
 The reason I linked to that previous thread was that I didn't want to have to 
 have the same conversation over.
 
 Are you against using something like supp...@example.com?  If so, why?
 
 Thanks
 Scott
 
 On 1/12/2010, at 9:18 PM, Hans Bakker wrote:
 
  I am simply following the pattern?
  
  if the email would be the same you could not see if the support email is
  selected..
  
  Regards,
  Hans
  
  On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
  Hi Hans,
  
  Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
  just as well?
  
  This isn't the first time this discussion has come up: 
  http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
  
  If you do insist on using a different email address, would you please 
  consider using the example.com domain which is reserved for this sort of 
  thing?
  
  Many thanks
  Scott
  
  On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
  
  Author: hansbak
  Date: Wed Dec  1 06:57:27 2010
  New Revision: 1040878
  
  URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
  Log:
  add support email address to the company for demo purposes
  
  Modified:
ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  
  Modified: 
  ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  URL: 
  http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
  ==
  --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  (original)
  +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
  Dec  1 06:57:27 2010
  @@ -31,6 +31,9 @@ under the License.
 ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
  infoString=ofbizt...@yahoo.com/
 PartyContactMech partyId=Company contactMechId=Company 
  fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
 PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
  partyId=Company contactMechId=Company fromDate=2003-01-01 
  00:00:00.000/
  +ContactMech contactMechId=CompanySupport 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
  +PartyContactMech partyId=Company contactMechId=CompanySupport 
  fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
  +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
  partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
  00:00:00.0/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
  00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
  00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  
  
  
  
  -- 
  Ofbiz on twitter: http://twitter.com/apache_ofbiz
  Myself on twitter: http://twitter.com/hansbak
  Antwebsystems.com: Quality services for competitive rates.
  
 

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Hans Bakker
Thank you, makes me feel a lot better. :-)

On Wed, 2010-12-01 at 21:46 +1300, Scott Gray wrote:
 I'm sorry if my tone came across as unfriendly, it certainly wasn't intended 
 to be so.  I'm actually quite busy at the moment and was just trying to get 
 straight to the point.
 
 Regards
 Scott
 
 On 1/12/2010, at 9:22 PM, Hans Bakker wrote:
 
  By the way, why so unfriendly?
  Why not simply discuss the matter and see what the best solution is?
  
  Regards,
  Hans
  
  On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
  Hi Hans,
  
  Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
  just as well?
  
  This isn't the first time this discussion has come up: 
  http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
  
  If you do insist on using a different email address, would you please 
  consider using the example.com domain which is reserved for this sort of 
  thing?
  
  Many thanks
  Scott
  
  On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
  
  Author: hansbak
  Date: Wed Dec  1 06:57:27 2010
  New Revision: 1040878
  
  URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
  Log:
  add support email address to the company for demo purposes
  
  Modified:
ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  
  Modified: 
  ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  URL: 
  http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
  ==
  --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  (original)
  +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
  Dec  1 06:57:27 2010
  @@ -31,6 +31,9 @@ under the License.
 ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
  infoString=ofbizt...@yahoo.com/
 PartyContactMech partyId=Company contactMechId=Company 
  fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
 PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
  partyId=Company contactMechId=Company fromDate=2003-01-01 
  00:00:00.000/
  +ContactMech contactMechId=CompanySupport 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
  +PartyContactMech partyId=Company contactMechId=CompanySupport 
  fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
  +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
  partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
  00:00:00.0/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
  00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
  00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
  00:00:00.000/
  
  
  
  
  -- 
  Ofbiz on twitter: http://twitter.com/apache_ofbiz
  Myself on twitter: http://twitter.com/hansbak
  Antwebsystems.com: Quality services for competitive rates.
  
 

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

2010-12-01 Thread Jacques Le Roux

Hi,

Should we not update?

Thanks

Jacques

From: Mark Thomas ma...@apache.org


CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.4
  - Not affected in default configuration.
  - Affected if CSRF protection is disabled
  - Additional XSS issues if web applications are untrusted
- Tomcat 6.0.12 to 6.0.29
  - Affected in default configuration
  - Additional XSS issues if web applications are untrusted
- Tomcat 5.5.x
  - Not affected

Description:
The session list screen (provided by sessionList.jsp) in affected versions uses the orderBy and sort request parameters without 
applying filtering and therefore is vulnerable to a cross-site scripting attack.
Users should be aware that Tomcat 6 does not use httpOnly for session cookies by default so this vulnerability could expose 
session cookies from the manager application to an attacker.
A review of the Manager application by the Apache Tomcat security team identified additional XSS vulnerabilities if the web 
applications deployed were not trusted.


Example:
GET 
/manager/html/sessions?path=/&sort=<script>alert('xss')</script>&order=ASC&action=injectSessions&refresh=Refresh+Sessions+list


Mitigation:
Users of affected versions should apply one of the following mitigations
- Tomcat 7.0.0 to 7.0.4
  - Remove the Manager application
  - Remove the sessionList.jsp and sessionDetail.jsp files
  - Ensure the CSRF protection is enabled
  - Apply the 7.0.4 patch (see below)
  - Update to 7.0.5 when released
- Tomcat 6.0.12 to 6.0.29
  - Remove the Manager application
  - Remove the sessionList.jsp and sessionDetail.jsp files
  - Apply the patch for 6.0.29 (see below)
  - Update to 6.0.30 when released

No release date has been set for the next Tomcat 7.0.x and Tomcat 6.0.x
releases.

Credit:
The original issue was discovered by Adam Muntner of Gotham Digital Science.
Additional issues were identified by the Tomcat security team as a result of 
reviewing the original issue.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html

Note: The patches
The Apache Tomcat Security Team



Patch for 6.0.29


Index: webapps/manager/WEB-INF/jsp/sessionDetail.jsp
===
- --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037769)
+++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)
@@ -30,8 +30,10 @@
% String path = (String) request.getAttribute(path);
   Session currentSession = (Session)request.getAttribute(currentSession);
   HttpSession currentHttpSession = currentSession.getSession();
- -   String currentSessionId = currentSession.getId();
- -   String submitUrl = 
((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
+   String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+   String submitUrl = JspHelper.escapeXml(
+   ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+   ?path= + path);
%
head
meta http-equiv=content-type content=text/html; charset=iso-8859-1/
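Review bot: the new submitUrl appends path to the query string with only JspHelper.escapeXml applied, which covers the HTML attribute context but not the URL context, so a context path containing characters such as &, # or % would change the query that the form action carries. URL-encode path before concatenation (for example java.net.URLEncoder.encode(path, "UTF-8")) and then HTML-escape the assembled URL as is done here.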
@@ -45,7 +47,7 @@
 titleSessions Administration: details for %= currentSessionId %/title
/head
body
- -h1Details for Session %= JspHelper.escapeXml(currentSessionId) %/h1
+h1Details for Session %= currentSessionId %/h1
 table style=text-align: left; border=0
  tr
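Review bot: the h1 line now prints currentSessionId with no escapeXml call at the point of output, so it is safe only because the first hunk escapes the value at assignment; the same holds for the title context line above it. Escaping at the sink is easier to audit. If escaping at assignment is kept, a comment at the declaration or a name such as escapedSessionId would stop a later edit from reintroducing raw output or escaping twice.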
@@ -54,7 +56,7 @@
  /tr
  tr
thGuessed Locale/th
- -td%= JspHelper.guessDisplayLocaleFromSession(currentSession) %/td
+td%= 
JspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession)) %/td
  /tr
  tr
thGuessed User/th
@@ -120,7 +122,7 @@
   String attributeName = (String) attributeNamesEnumeration.nextElement();
%
 tr
- - td align=centerform action=%= submitUrl %divinput type=hidden name=path value=%= path % /input 
type=hidden name=action value=removeSessionAttribute /input type=hidden name=sessionId value=%= currentSessionId % 
/input type=hidden name=attributeName value=%= attributeName % /input type=submit value=Remove 
//div/form/td
+ td align=centerform action=%= submitUrl %divinput type=hidden name=action value=removeSessionAttribute 
/input type=hidden name=sessionId value=%= currentSessionId % /input type=hidden name=attributeName value=%= 
JspHelper.escapeXml(attributeName) % /input type=submit value=Remove //div/form/td

 td%= JspHelper.escapeXml(attributeName) %/td
 td% Object attributeValue = currentHttpSession.getAttribute(attributeName); %span title=%= attributeValue == null ?  : 
attributeValue.getClass().toString() %%= JspHelper.escapeXml(attributeValue) %/span/td

 /tr
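Review bot: in the context line after the changed form, the span title attribute still outputs attributeValue.getClass().toString() without JspHelper.escapeXml, while every other value in this row is escaped; wrap it too so the row is encoded consistently. Also, the hidden path input is dropped because path now travels in submitUrl, and no method attribute is visible on the form: with a GET form the browser replaces the action's query string with the form fields, so please confirm the servlet still receives path on submit.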
Index: webapps/manager/WEB-INF/jsp/sessionsList.jsp
===
- --- webapps/manager/WEB-INF/jsp/sessionsList.jsp (revision 
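
A log-triage check for the request pattern shown in the advisory's Example, added here and not part of the advisory or of Tomcat: it flags requests to the session list screen whose sort, orderBy or order values are not plain identifiers after repeated percent-decoding. The /manager context path, the access-log format, the identifier-only rule and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names from the advisory text (orderBy, sort) and its example (order).
WATCHED_PARAMS = {"sort", "orderby", "order"}
# Assumption: legitimate sort keys and directions are plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]*")
# Assumption: the Manager application is deployed at the /manager context path.
SESSIONS_PATH = "/manager/html/sessions"
# Request field of a common/combined-format access log line.
REQUEST_FIELD = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params that are not identifiers."""
    match = REQUEST_FIELD.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    # Drop path parameters such as ;jsessionid=... before comparing the path.
    path = parts.path.split(";", 1)[0].rstrip("/")
    if path != SESSIONS_PATH:
        return []
    findings = []
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in WATCHED_PARAMS:
            continue
        decoded = fully_decode(value)
        if not SAFE_VALUE.fullmatch(decoded):
            findings.append((name, decoded))
    return findings


def scan(lines):
    """Return {line_number: findings} for every line with at least one finding."""
    report = {}
    for number, line in enumerate(lines, start=1):
        findings = suspicious_params(line)
        if findings:
            report[number] = findings
    return report


# Constructed access-log lines (not from a real server). Line 2 mirrors the
# advisory's example request; line 3 is the same value percent-encoded twice.
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Dec/2010:09:00:01 +0000] '
    '"GET /manager/html/sessions?path=/&sort=lastAccessedTime&order=ASC HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Dec/2010:09:02:13 +0000] '
    '"GET /manager/html/sessions?path=/&sort=%3Cscript%3Ealert(%27xss%27)%3C/script%3E'
    '&order=ASC&action=injectSessions&refresh=Refresh+Sessions+list HTTP/1.1" 200 5344',
    '192.0.2.44 - admin [01/Dec/2010:09:02:40 +0000] '
    '"GET /manager/html/sessions?path=/'
    '&orderBy=%253Cscript%253Ealert(%2527xss%2527)%253C/script%253E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [01/Dec/2010:09:03:02 +0000] '
    '"GET /shop/list?sort=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG).items():
        for name, value in findings:
            print(f"line {number}: {name}={value!r}")
```

A hit only shows that such a request was made; whether the value was reflected unescaped depends on the Tomcat version and mitigations listed in the advisory.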

Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

2010-12-01 Thread Erwan de FERRIERES

On 01/12/2010 09:54, Jacques Le Roux wrote:

Hi,

Should we not update?


Hi,

just wait for the 6.0.30 release, should not be long !

Cheers,

--
Erwan de FERRIERES
www.nereide.biz


Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Scott Gray
+1, that would be fantastic and resolve the issue once and for all.

Regards
Scott

On 1/12/2010, at 9:52 PM, Hans Bakker wrote:

 Ok, let's solve this? change all @yahoo.com into @example.com ?
 
 Hans
 
 On Wed, 2010-12-01 at 21:44 +1300, Scott Gray wrote:
 Hi Hans,
 
 The reason I linked to that previous thread was that I didn't want to have 
 to have the same conversation over.
 
 Are you against using something like supp...@example.com?  If so, why?
 
 Thanks
 Scott
 
 On 1/12/2010, at 9:18 PM, Hans Bakker wrote:
 
 I am simply following the pattern?
 
 if the email would be the same you could not see if the support email is
 selected..
 
 Regards,
 Hans
 
 On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose 
 just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
 Author: hansbak
 Date: Wed Dec  1 06:57:27 2010
 New Revision: 1040878
 
 URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
 Log:
 add support email address to the company for demo purposes
 
 Modified:
  ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 
 Modified: 
 ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 URL: 
 http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
 ==
 --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
 (original)
 +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed 
 Dec  1 06:57:27 2010
 @@ -31,6 +31,9 @@ under the License.
   ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
 infoString=ofbizt...@yahoo.com/
   PartyContactMech partyId=Company contactMechId=Company 
 fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
   PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
 partyId=Company contactMechId=Company fromDate=2003-01-01 
 00:00:00.000/
 +ContactMech contactMechId=CompanySupport 
 contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
 +PartyContactMech partyId=Company contactMechId=CompanySupport 
 fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
 +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
 partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
 00:00:00.0/
   PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
 00:00:00.000/
   PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
 00:00:00.000/
   PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
 00:00:00.000/
 
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 





Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

2010-12-01 Thread Scott Gray
We don't use tomcat's manager application.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com

On 1/12/2010, at 9:54 PM, Jacques Le Roux wrote:

 Hi,
 
 Should we not update?
 
 Thanks
 
 Jacques
 
 From: Mark Thomas ma...@apache.org
 
 CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
 
 Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate
 
 Vendor: The Apache Software Foundation
 
 Versions Affected:
 - Tomcat 7.0.0 to 7.0.4
   - Not affected in default configuration.
   - Affected if CSRF protection is disabled
   - Additional XSS issues if web applications are untrusted
 - Tomcat 6.0.12 to 6.0.29
   - Affected in default configuration
   - Additional XSS issues if web applications are untrusted
 - Tomcat 5.5.x
   - Not affected
 
 Description:
 The session list screen (provided by sessionList.jsp) in affected versions 
 uses the orderBy and sort request parameters without applying filtering and 
 therefore is vulnerable to a cross-site scripting attack.
 Users should be aware that Tomcat 6 does not use httpOnly for session 
 cookies by default so this vulnerability could expose session cookies from 
 the manager application to an attacker.
 A review of the Manager application by the Apache Tomcat security team 
 identified additional XSS vulnerabilities if the web applications deployed 
 were not trusted.
 
 Example:
 GET 
 /manager/html/sessions?path=/&sort=<script>alert('xss')</script>&order=ASC&action=injectSessions&refresh=Refresh+Sessions+list
 
 Mitigation:
 Users of affected versions should apply one of the following mitigations
 - Tomcat 7.0.0 to 7.0.4
   - Remove the Manager application
   - Remove the sessionList.jsp and sessionDetail.jsp files
   - Ensure the CSRF protection is enabled
   - Apply the 7.0.4 patch (see below)
   - Update to 7.0.5 when released
 - Tomcat 6.0.12 to 6.0.29
   - Remove the Manager application
   - Remove the sessionList.jsp and sessionDetail.jsp files
   - Apply the patch for 6.0.29 (see below)
   - Update to 6.0.30 when released
 
 No release date has been set for the next Tomcat 7.0.x and Tomcat 6.0.x
 releases.
 
 Credit:
 The original issue was discovered by Adam Muntner of Gotham Digital Science.
 Additional issues were identified by the Tomcat security team as a result of 
 reviewing the original issue.
 
 References:
 http://tomcat.apache.org/security.html
 http://tomcat.apache.org/security-7.html
 http://tomcat.apache.org/security-6.html
 
 Note: The patches
 The Apache Tomcat Security Team
 
 
 
 Patch for 6.0.29
 
 
 Index: webapps/manager/WEB-INF/jsp/sessionDetail.jsp
 ===
 - --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037769)
 +++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)
 @@ -30,8 +30,10 @@
 % String path = (String) request.getAttribute(path);
   Session currentSession = (Session)request.getAttribute(currentSession);
   HttpSession currentHttpSession = currentSession.getSession();
 - -   String currentSessionId = currentSession.getId();
 - -   String submitUrl = 
 ((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
 +   String currentSessionId = JspHelper.escapeXml(currentSession.getId());
 +   String submitUrl = JspHelper.escapeXml(
 +   ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
 +   ?path= + path);
 %
 head
meta http-equiv=content-type content=text/html; charset=iso-8859-1/
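Review bot: in the new submitUrl, path is appended to the query string after ?path= and is only passed through JspHelper.escapeXml, which makes the result safe inside an HTML attribute but does not URL-encode it. A context path containing &, #, + or % would be parsed as something else once the browser follows the URL. Suggest URL-encoding path first (for example with java.net.URLEncoder) and then escaping the whole string for HTML.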
 @@ -45,7 +47,7 @@
 titleSessions Administration: details for %= currentSessionId %/title
 /head
 body
 - -h1Details for Session %= JspHelper.escapeXml(currentSessionId) %/h1
 +h1Details for Session %= currentSessionId %/h1
 table style=text-align: left; border=0
  tr
 @@ -54,7 +56,7 @@
  /tr
  tr
thGuessed Locale/th
 - -td%= JspHelper.guessDisplayLocaleFromSession(currentSession) 
 %/td
 +td%= 
 JspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession)) 
 %/td
  /tr
  tr
thGuessed User/th
 @@ -120,7 +122,7 @@
   String attributeName = (String) attributeNamesEnumeration.nextElement();
 %
 tr
 - - td align=centerform action=%= submitUrl %divinput 
 type=hidden name=path value=%= path % /input type=hidden 
 name=action value=removeSessionAttribute /input type=hidden 
 name=sessionId value=%= currentSessionId % /input type=hidden 
 name=attributeName value=%= attributeName % /input type=submit 
 value=Remove //div/form/td
 + td align=centerform action=%= submitUrl %divinput 
 type=hidden name=action value=removeSessionAttribute /input 
 type=hidden name=sessionId value=%= currentSessionId % /input 
 type=hidden name=attributeName value=%= 
 JspHelper.escapeXml(attributeName) % /input type=submit value=Remove 
 //div/form/td
 td%= JspHelper.escapeXml(attributeName) %/td
 td% Object attributeValue = 
 currentHttpSession.getAttribute(attributeName); %span title=%= 
 attributeValue == null ?  : 
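Review bot: the replacement form line drops the hidden path input and relies on the ?path= that is now part of submitUrl, but the form tag shown has no method attribute, so it submits as GET, and on a GET submission the browser replaces the action URL's query string with the form fields. As written, the removeSessionAttribute request would arrive without path. Either keep the hidden input with an escaped value or add method=post to the form.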

Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Hans Bakker
ok done in r 1040914.

On Wed, 2010-12-01 at 22:09 +1300, Scott Gray wrote:
 +1, that would be fantastic and resolve the issue once and for all.
 
 Regards
 Scott
 
 On 1/12/2010, at 9:52 PM, Hans Bakker wrote:
 
  Ok, lets solve this? change all @yahoo.com into @example.com ?
  
  Hans
  
  On Wed, 2010-12-01 at 21:44 +1300, Scott Gray wrote:
  Hi Hans,
  
  The reason I linked to that previous thread was that I didn't want to have 
  to have the same conversation over.
  
  Are you against using something like supp...@example.com?  If so, why?
  
  Thanks
  Scott
  
  On 1/12/2010, at 9:18 PM, Hans Bakker wrote:
  
  i am simply following the pattern?
  
  if the email would be the same you could not see if the support email is
  selected..
  
  Regards,
  Hans
  
  On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
  Hi Hans,
  
  Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the 
  purpose just as well?
  
  This isn't the first time this discussion has come up: 
  http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
  
  If you do insist on using a different email address, would you please 
  consider using the example.com domain which is reserved for this sort of 
  thing?
  
  Many thanks
  Scott
  
  On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
  
  Author: hansbak
  Date: Wed Dec  1 06:57:27 2010
  New Revision: 1040878
  
  URL: http://svn.apache.org/viewvc?rev=1040878view=rev
  Log:
  add support email address to the company for demo purposes
  
  Modified:
   ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  
  Modified: 
  ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
  URL: 
  http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878r1=1040877r2=1040878view=diff
  ==
  --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  (original)
  +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
  Wed Dec  1 06:57:27 2010
  @@ -31,6 +31,9 @@ under the License.
ContactMech contactMechId=Company 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizt...@yahoo.com/
PartyContactMech partyId=Company contactMechId=Company 
  fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
  partyId=Company contactMechId=Company fromDate=2003-01-01 
  00:00:00.000/
  +ContactMech contactMechId=CompanySupport 
  contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
  +PartyContactMech partyId=Company contactMechId=CompanySupport 
  fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
  +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
  partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
  00:00:00.0/
PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
  00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
  00:00:00.000/
PartyContactMechPurpose partyId=Company contactMechId=9000 
  contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
  00:00:00.000/
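Review bot: the three added rows write fromDate as 00:00:00.0 while every existing row in the hunk uses 00:00:00.000; use the same form so the file stays uniform. The new infoString also points at a mailbox under yahoo.com, so a demo instance that sends support mail would deliver it to a third-party account; an address under example.com avoids that and still differs from the primary address.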
  
  
  
  
  -- 
  Ofbiz on twitter: http://twitter.com/apache_ofbiz
  Myself on twitter: http://twitter.com/hansbak
  Antwebsystems.com: Quality services for competitive rates.
  
  
  
  -- 
  Ofbiz on twitter: http://twitter.com/apache_ofbiz
  Myself on twitter: http://twitter.com/hansbak
  Antwebsystems.com: Quality services for competitive rates.
  
 

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Divesh Dutta
My vote is to merge jquery, and then release branch. 

Thanks
--
Divesh Dutta.


On Nov 28, 2010, at 11:49 PM, Jacques Le Roux wrote:

 Other opinions?
 
 Jacques
 
 From: Bruno Busco bruno.bu...@gmail.com
 I would prefer to have the release branch before the merge with jQuery.
 -Bruno
 2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com
 We may want to create a new release branch (before or after the merge with
 jQuery?) and officially release 10.04.
 
 Jacopo
 
 On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:
 
  Yes, there is no hurry to merge jQuery, and a branch before could be a
 good idea indeed.
  This could be an answer for removing or not all Prototype/Dojo from the
 trunk.
  With this branch people could rely on it for Prototype/Dojo. Those
 interested by the trunk are already leaving on the leading-edge and should
 not worry too much.
 
  On the other hand maybe some would prefer to have jQuery in the next
 release? And also should we wait 11.xx? 11.01 would be okay for me...
 
  BTW for those interested  please be sure to check this thread (Bilgin
 noticed that I mixed 2 subjects in it: jQuery docs and demo and removing
 Prototype/Dojo from the trunk or not)
  http://markmail.org/message/mpdywy4ymkjddrpr
 
  Jacques
 
  From: Bruno Busco bruno.bu...@gmail.com
  What about creating a new release branch before merging the jquery ?
 
  -Bruno
 
  2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com
 
  Hi Rohit,
 
  Hopefully before new year, but we will need more testing, could you
 help?
 
  Thanks
 
  Jacques
 
  From: rohit rohitksur...@yahoo.com
 
 
  hi,
 
  when can we expect the jQuery branch to be merged with the truck, it
 that
  expected at all...
 
  thanks
 
  rohit
 
  --
  View this message in context:
 
 http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html
  Sent from the OFBiz - Dev mailing list archive at Nabble.com.
 
 
 
 
 
 
 
 
 
 




Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Pranay Pandey

I would say merge jQuery, and then release branch.

Thanks & Regards
--
Pranay Pandey
HotWax Media | www.hotwaxmedia.com
pranay.pan...@hotwaxmedia.com


On Nov 28, 2010, at 11:49 PM, Jacques Le Roux wrote:


Other opinions?

Jacques

From: Bruno Busco bruno.bu...@gmail.com
I would prefer to have the release branch before the merge with  
jQuery.

-Bruno
2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com
We may want to create a new release branch (before or after the  
merge with

jQuery?) and officially release 10.04.

Jacopo

On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:

 Yes, there is no hurry to merge jQuery, and a branch before  
could be a

good idea indeed.
 This could be an answer for removing or not all Prototype/Dojo  
from the

trunk.
 With this branch people could rely on it for Prototype/Dojo. Those
interested by the trunk are already leaving on the leading-edge  
and should

not worry too much.

 On the other hand maybe some would prefer to have jQuery in the  
next
release? And also should we wait 11.xx? 11.01 would be okay for  
me...


 BTW for those interested  please be sure to check this thread  
(Bilgin
noticed that I mixed 2 subjects in it: jQuery docs and demo and  
removing

Prototype/Dojo from the trunk or not)
 http://markmail.org/message/mpdywy4ymkjddrpr

 Jacques

 From: Bruno Busco bruno.bu...@gmail.com
 What about creating a new release branch before merging the  
jquery ?


 -Bruno

 2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com

 Hi Rohit,

 Hopefully before new year, but we will need more testing,  
could you

help?

 Thanks

 Jacques

 From: rohit rohitksur...@yahoo.com


 hi,

 when can we expect the jQuery branch to be merged with the  
truck, it

that
 expected at all...

 thanks

 rohit

 --
 View this message in context:

http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html
 Sent from the OFBiz - Dev mailing list archive at Nabble.com.
















Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

2010-12-01 Thread Jacques Le Roux

Ho Right!

Jacques

Scott Gray wrote:

We don't use tomcat's manager application.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com

On 1/12/2010, at 9:54 PM, Jacques Le Roux wrote:


Hi,

Should we not update?

Thanks

Jacques

From: Mark Thomas ma...@apache.org

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.4
  - Not affected in default configuration.
  - Affected if CSRF protection is disabled
  - Additional XSS issues if web applications are untrusted
- Tomcat 6.0.12 to 6.0.29
  - Affected in default configuration
  - Additional XSS issues if web applications are untrusted
- Tomcat 5.5.x
  - Not affected

Description:
The session list screen (provided by sessionList.jsp) in affected versions
uses the orderBy and sort request parameters without applying filtering and
therefore is vulnerable to a cross-site scripting attack.
Users should be aware that Tomcat 6 does not use httpOnly for session
cookies by default so this vulnerability could expose session cookies from
the manager application to an attacker.
A review of the Manager application by the Apache Tomcat security team
identified additional XSS vulnerabilities if the web applications deployed
were not trusted.

Example:
GET
/manager/html/sessions?path=/sort=scriptalert('xss')/scriptorder=ASCaction=injectSessionsrefresh=Refresh+Sessions+list

Mitigation:
Users of affected versions should apply one of the following mitigations
- Tomcat 7.0.0 to 7.0.4
  - Remove the Manager application
  - Remove the sessionList.jsp and sessionDetail.jsp files
  - Ensure the CSRF protection is enabled
  - Apply the 7.0.4 patch (see below)
  - Update to 7.0.5 when released
- Tomcat 6.0.12 to 6.0.29
  - Remove the Manager application
  - Remove the sessionList.jsp and sessionDetail.jsp files
  - Apply the patch for 6.0.29 (see below)
  - Update to 6.0.30 when released

No release date has been set for the next Tomcat 7.0.x and Tomcat 6.0.x
releases.

Credit:
The original issue was discovered by Adam Muntner of Gotham Digital Science.
Additional issues were identified by the Tomcat security team as a result of 
reviewing the original issue.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html

Note: The patches
The Apache Tomcat Security Team



Patch for 6.0.29


Index: webapps/manager/WEB-INF/jsp/sessionDetail.jsp
===
- --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037769)
+++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)
@@ -30,8 +30,10 @@
% String path = (String) request.getAttribute(path);
  Session currentSession = (Session)request.getAttribute(currentSession);
  HttpSession currentHttpSession = currentSession.getSession();
- -   String currentSessionId = currentSession.getId();
- -   String submitUrl = 
((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();
+   String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+   String submitUrl = JspHelper.escapeXml(
+   ((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
+   ?path= + path);
%
head
   meta http-equiv=content-type content=text/html; charset=iso-8859-1/
@@ -45,7 +47,7 @@
titleSessions Administration: details for %= currentSessionId %/title
/head
body
- -h1Details for Session %= JspHelper.escapeXml(currentSessionId) %/h1
+h1Details for Session %= currentSessionId %/h1
table style=text-align: left; border=0
 tr
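Review bot: the h1 line now prints currentSessionId with no escaping call at the output site, which is only safe because the first hunk escapes the value where it is declared. The safety of this line, and of the title line above it, then depends on code a reader cannot see from here. Suggest renaming the variable to something like escapedSessionId, or keeping the JspHelper.escapeXml call where the value is written.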
@@ -54,7 +56,7 @@
 /tr
 tr
   thGuessed Locale/th
- -td%= JspHelper.guessDisplayLocaleFromSession(currentSession) %/td
+td%= 
JspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession)) %/td
 /tr
 tr
   thGuessed User/th
@@ -120,7 +122,7 @@
  String attributeName = (String) attributeNamesEnumeration.nextElement();
%
tr
- - td align=centerform action=%= submitUrl %divinput type=hidden name=path 
value=%= path % /input
type=hidden name=action value=removeSessionAttribute /input type=hidden 
name=sessionId value=%= currentSessionId
% /input type=hidden name=attributeName value=%= attributeName % /input 
type=submit value=Remove
//div/form/td + td align=centerform action=%= submitUrl %divinput 
type=hidden name=action
value=removeSessionAttribute /input type=hidden name=sessionId value=%= currentSessionId 
% /input type=hidden
name=attributeName value=%= JspHelper.escapeXml(attributeName) % /input 
type=submit value=Remove
//div/form/td td%= JspHelper.escapeXml(attributeName) %/td td% 
Object attributeValue =
currentHttpSession.getAttribute(attributeName); %span title=%= attributeValue == null 
?  :
attributeValue.getClass().toString() %%= JspHelper.escapeXml(attributeValue) 
%/span/td /tr
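Review bot: in the attribute table row at the end of this patch, the span's title is filled from attributeValue.getClass().toString() without escaping, while the attribute name and value beside it both go through JspHelper.escapeXml. The advisory's own concern is untrusted web applications, which control the classes stored in the session, so the class name should get the same escapeXml wrapping.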
Index: 
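Whether an install is exposed depends on the Tomcat version and on which items of the advisory's mitigation list are in place. The script below is an added example, not part of the advisory, Tomcat or OFBiz; the function names, the status words, the assumption that the deployed Manager webapp sits at webapps/manager under the Tomcat home (the path used in the patch), and detecting CSRF protection by looking for Tomcat 7's CsrfPreventionFilter in the Manager's web.xml are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a Tomcat install against the CVE-2010-4172 mitigation list.
# Assumption: Manager JSPs live at webapps/manager/WEB-INF/jsp/ under the Tomcat home.

# affected_branch VERSION -> prints 6, 7, none or unknown
# Affected ranges from the advisory: 6.0.12 to 6.0.29 and 7.0.0 to 7.0.4.
affected_branch() {
    case $1 in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    _major=${1%%.*}
    _rest=${1#*.}
    _minor=${_rest%%.*}
    _patch=${_rest#*.}
    _patch=${_patch%%[!0-9]*}          # "4-beta" -> "4"
    case $_major$_minor in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    [ -n "$_patch" ] || { echo unknown; return 0; }
    if [ "$_major" -eq 6 ] && [ "$_minor" -eq 0 ] &&
       [ "$_patch" -ge 12 ] && [ "$_patch" -le 29 ]; then
        echo 6
    elif [ "$_major" -eq 7 ] && [ "$_minor" -eq 0 ] && [ "$_patch" -le 4 ]; then
        echo 7
    else
        echo none
    fi
}

# csrf_filter_active WEB_XML -> exit status 0 if the CSRF filter is configured.
# XML comments are dropped first so a commented-out filter does not count.
# Approximation: every line touched by a multi-line comment is dropped whole,
# which can only err towards reporting the filter as absent.
csrf_filter_active() {
    [ -f "$1" ] || return 1
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$1" |
        grep -q 'org\.apache\.catalina\.filters\.CsrfPreventionFilter'
}

# audit_manager TOMCAT_HOME VERSION -> prints one status word, always returns 0
audit_manager() {
    _home=$1
    _mgr=$_home/webapps/manager
    [ -d "$_home" ] || { echo no-such-directory; return 0; }
    _branch=$(affected_branch "$2")
    case $_branch in
        unknown) echo unknown-version; return 0 ;;
        none)    echo version-not-affected; return 0 ;;
    esac
    if [ ! -d "$_mgr" ]; then
        echo manager-removed
    elif [ ! -e "$_mgr/WEB-INF/jsp/sessionList.jsp" ] &&
         [ ! -e "$_mgr/WEB-INF/jsp/sessionDetail.jsp" ]; then
        echo session-jsps-removed
    elif [ "$_branch" = 7 ] && csrf_filter_active "$_mgr/WEB-INF/web.xml"; then
        echo csrf-protection-enabled
    else
        echo unmitigated
    fi
}

# Run as: sh check.sh /path/to/tomcat 6.0.29
if [ "$#" -ge 2 ]; then
    audit_manager "$1" "$2"
fi
```

A result of unmitigated only means none of the file-level mitigations was found; the script does not inspect JSP contents, so an install with the patch applied is reported the same way.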

Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Scott Gray
Thanks Hans, much appreciated.

Regards
Scott

On 1/12/2010, at 10:43 PM, Hans Bakker wrote:

 ok done in r 1040914.
 
 On Wed, 2010-12-01 at 22:09 +1300, Scott Gray wrote:
 +1, that would be fantastic and resolve the issue once and for all.
 
 Regards
 Scott
 
 On 1/12/2010, at 9:52 PM, Hans Bakker wrote:
 
 Ok, lets solve this? change all @yahoo.com into @example.com ?
 
 Hans
 
 On Wed, 2010-12-01 at 21:44 +1300, Scott Gray wrote:
 Hi Hans,
 
 The reason I linked to that previous thread was that I didn't want to have 
 to have the same conversation over.
 
 Are you against using something like supp...@example.com?  If so, why?
 
 Thanks
 Scott
 
 On 1/12/2010, at 9:18 PM, Hans Bakker wrote:
 
 i am simply following the pattern?
 
 if the email would be the same you could not see if the support email is
 selected..
 
 Regards,
 Hans
 
 On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:
 Hi Hans,
 
 Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the 
 purpose just as well?
 
 This isn't the first time this discussion has come up: 
 http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n
 
 If you do insist on using a different email address, would you please 
 consider using the example.com domain which is reserved for this sort of 
 thing?
 
 Many thanks
 Scott
 
 On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:
 
 Author: hansbak
 Date: Wed Dec  1 06:57:27 2010
 New Revision: 1040878
 
 URL: http://svn.apache.org/viewvc?rev=1040878view=rev
 Log:
 add support email address to the company for demo purposes
 
 Modified:
 ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 
 Modified: 
 ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
 URL: 
 http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878r1=1040877r2=1040878view=diff
 ==
 --- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
 (original)
 +++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml 
 Wed Dec  1 06:57:27 2010
 @@ -31,6 +31,9 @@ under the License.
  ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
 infoString=ofbizt...@yahoo.com/
  PartyContactMech partyId=Company contactMechId=Company 
 fromDate=2000-01-01 00:00:00.000 allowSolicitation=Y/
  PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL 
 partyId=Company contactMechId=Company fromDate=2003-01-01 
 00:00:00.000/
 +ContactMech contactMechId=CompanySupport 
 contactMechTypeId=EMAIL_ADDRESS infoString=ofbizsupp...@yahoo.com/
 +PartyContactMech partyId=Company contactMechId=CompanySupport 
 fromDate=2003-01-01 00:00:00.0 allowSolicitation=Y/
 +PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL 
 partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
 00:00:00.0/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 
 00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 
 00:00:00.000/
  PartyContactMechPurpose partyId=Company contactMechId=9000 
 contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 
 00:00:00.000/
 
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 





Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Ankit Jain

+1 to merge jQuery then release branch.

--

Thanks & Regards:
Ankit Jain


On Sunday 28 November 2010 11:49 PM, Jacques Le Roux wrote:

Other opinions?

Jacques

From: Bruno Busco bruno.bu...@gmail.com

I would prefer to have the release branch before the merge with jQuery.

-Bruno


2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com

We may want to create a new release branch (before or after the 
merge with

jQuery?) and officially release 10.04.

Jacopo

On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:

 Yes, there is no hurry to merge jQuery, and a branch before could 
be a

good idea indeed.
 This could be an answer for removing or not all Prototype/Dojo 
from the

trunk.
 With this branch people could rely on it for Prototype/Dojo. Those
interested by the trunk are already leaving on the leading-edge and 
should

not worry too much.

 On the other hand maybe some would prefer to have jQuery in the next
release? And also should we wait 11.xx? 11.01 would be okay for me...

 BTW for those interested  please be sure to check this thread (Bilgin
noticed that I mixed 2 subjects in it: jQuery docs and demo and 
removing

Prototype/Dojo from the trunk or not)
 http://markmail.org/message/mpdywy4ymkjddrpr

 Jacques

 From: Bruno Busco bruno.bu...@gmail.com
 What about creating a new release branch before merging the jquery ?

 -Bruno

 2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com

 Hi Rohit,

 Hopefully before new year, but we will need more testing, could you
help?

 Thanks

 Jacques

 From: rohit rohitksur...@yahoo.com


 hi,

 when can we expect the jQuery branch to be merged with the 
truck, it

that
 expected at all...

 thanks

 rohit

 --
 View this message in context:

http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html 


 Sent from the OFBiz - Dev mailing list archive at Nabble.com.
















OfBiz Data Model

2010-12-01 Thread Ganapathyraman Venkatraman
Hi,

Appreciate if someone can guide me to get access to the schema dump of OfBiz 
database.  I am on to bringing up OfBiz instance in my m/c.  Thanks ahead...

Regards,
G.Raman
Senior Technical Director
Sword Global India Pvt Ltd.
5th Floor, Arihant Nitco Park, 90, Dr. Radhakrishnan Salai, Mylapore, Chennai - 
600 004, India
_
m  +91 95000 53613
t+91 44 6636 3650
e   ganapathyraman.venkatra...@sword-in.com
www.sword-group.com


The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments contained in it.


Re: OfBiz Data Model

2010-12-01 Thread Raj Saini

Hello G Raman,

You can run the run-install ant target and OFBiz will create schema 
along with demo data.


Also, such questions should be asked in user mailing list as dev mailing 
list is used for OFBiz development discussion.


Thanks,

Raj

On Wednesday 01 December 2010 03:18 PM, Ganapathyraman Venkatraman wrote:

Hi,

Appreciate if someone can guide me to get access to the schema dump of OfBiz 
database.  I am on to bringing up OfBiz instance in my m/c.  Thanks ahead...

Regards,
G.Raman
Senior Technical Director
Sword Global India Pvt Ltd.
5th Floor, Arihant Nitco Park, 90, Dr. Radhakrishnan Salai, Mylapore, Chennai - 
600 004, India
_
m  +91 95000 53613
t+91 44 6636 3650
e   ganapathyraman.venkatra...@sword-in.com
www.sword-group.com



   




Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Jacques Le Roux

Thanks Ankit, Pranay, Divesh,

Hoho, looks like we will need a vote? Bruno?

Jacques

From: Ankit Jain ankit.j...@hotwaxmedia.com

+1 to merge jQuery then release branch.

--

Thanks & Regards:
Ankit Jain


On Sunday 28 November 2010 11:49 PM, Jacques Le Roux wrote:

Other opinions?

Jacques

From: Bruno Busco bruno.bu...@gmail.com

I would prefer to have the release branch before the merge with jQuery.

-Bruno


2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com

We may want to create a new release branch (before or after the 
merge with

jQuery?) and officially release 10.04.

Jacopo

On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:

 Yes, there is no hurry to merge jQuery, and a branch before could 
be a

good idea indeed.
 This could be an answer for removing or not all Prototype/Dojo 
from the

trunk.
 With this branch people could rely on it for Prototype/Dojo. Those
interested by the trunk are already leaving on the leading-edge and 
should

not worry too much.

 On the other hand maybe some would prefer to have jQuery in the next
release? And also should we wait 11.xx? 11.01 would be okay for me...

 BTW for those interested  please be sure to check this thread (Bilgin
noticed that I mixed 2 subjects in it: jQuery docs and demo and 
removing

Prototype/Dojo from the trunk or not)
 http://markmail.org/message/mpdywy4ymkjddrpr

 Jacques

 From: Bruno Busco bruno.bu...@gmail.com
 What about creating a new release branch before merging the jquery ?

 -Bruno

 2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com

 Hi Rohit,

 Hopefully before new year, but we will need more testing, could you
help?

 Thanks

 Jacques

 From: rohit rohitksur...@yahoo.com


 hi,

 when can we expect the jQuery branch to be merged with the 
truck, it

that
 expected at all...

 thanks

 rohit

 --
 View this message in context:

http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html 


 Sent from the OFBiz - Dev mailing list archive at Nabble.com.


















OpenID Integration for OFBiz

2010-12-01 Thread Naveen Kumar B V
Hi,

   Does OFBiz provide OpenId integration? As per my knowledge, and after
looking at the code, there is no such functionality.
Can anyone help me regarding this? How can I integrate OpenId (Gmail,
MyOpenId, AOL, etc) into my application?

Regards,
Naveen Kumar B.V


Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Bruno Busco
I vote for doing a release branch first and then merge jQuery.

This will let people to have a branch with the actual trunk in case the
jQuery causes any issues to them.

Thank you,
Bruno

2010/12/1 Deepak Dixit deepak.di...@hotwaxmedia.com


 jQuery provide lot of pluginns and good thing is that all of these pluginns
 are cross browser compatible.

 So  +1 for  merge jQuery with trunk and then create release branch with
 jQuery.

 Thanks & Regards
 --
 Deepak Dixit
 HotWax Media Pvt. Ltd.
 Website :- www.hotwaxmedia.com
 Contact :- +91-98267-54548
 Skype Id :- deepakdixit




 Jacques Le Roux wrote:

 Other opinions?

 Jacques

 From: Bruno Busco bruno.bu...@gmail.com

 I would prefer to have the release branch before the merge with jQuery.

 -Bruno


 2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com

  We may want to create a new release branch (before or after the merge
 with
 jQuery?) and officially release 10.04.

 Jacopo

 On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:

  Yes, there is no hurry to merge jQuery, and a branch before could be a
 good idea indeed.
  This could be an answer for removing or not all Prototype/Dojo from
 the
 trunk.
  With this branch people could rely on it for Prototype/Dojo. Those
 interested by the trunk are already leaving on the leading-edge and
 should
 not worry too much.
 
  On the other hand maybe some would prefer to have jQuery in the next
 release? And also should we wait 11.xx? 11.01 would be okay for me...
 
  BTW for those interested  please be sure to check this thread (Bilgin
 noticed that I mixed 2 subjects in it: jQuery docs and demo and removing
 Prototype/Dojo from the trunk or not)
  http://markmail.org/message/mpdywy4ymkjddrpr
 
  Jacques
 
  From: Bruno Busco bruno.bu...@gmail.com
  What about creating a new release branch before merging the jquery ?
 
  -Bruno
 
  2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com
 
  Hi Rohit,
 
  Hopefully before new year, but we will need more testing, could you
 help?
 
  Thanks
 
  Jacques
 
  From: rohit rohitksur...@yahoo.com
 
 
  hi,
 
  when can we expect the jQuery branch to be merged with the truck,
 it
 that
  expected at all...
 
  thanks
 
  rohit
 
  --
  View this message in context:
 

 http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html
  Sent from the OFBiz - Dev mailing list archive at Nabble.com.
 
 
 
 
 
 









Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Divesh Dutta
I think, if issues come then we can attack them. In this way we will have 
release branch with Jquery. 

Thanks
--
Divesh Dutta.

On Dec 1, 2010, at 6:38 PM, Bruno Busco wrote:

 I vote for doing a release branch first and then merge jQuery.
 
 This will let people to have a branch with the actual trunk in case the
 jQuery causes any issues to them.
 
 Thank you,
 Bruno
 
 2010/12/1 Deepak Dixit deepak.di...@hotwaxmedia.com
 
 
 jQuery provide lot of pluginns and good thing is that all of these pluginns
 are cross browser compatible.
 
 So  +1 for  merge jQuery with trunk and then create release branch with
 jQuery.
 
 Thanks & Regards
 --
 Deepak Dixit
 HotWax Media Pvt. Ltd.
 Website :- www.hotwaxmedia.com
 Contact :- +91-98267-54548
 Skype Id :- deepakdixit
 
 
 
 
 Jacques Le Roux wrote:
 
 Other opinions?
 
 Jacques
 
 From: Bruno Busco bruno.bu...@gmail.com
 
 I would prefer to have the release branch before the merge with jQuery.
 
 -Bruno
 
 
 2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com
 
 We may want to create a new release branch (before or after the merge
 with
 jQuery?) and officially release 10.04.
 
 Jacopo
 
 On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:
 
 Yes, there is no hurry to merge jQuery, and a branch before could be a
 good idea indeed.
 This could be an answer for removing or not all Prototype/Dojo from
 the
 trunk.
 With this branch people could rely on it for Prototype/Dojo. Those
 interested by the trunk are already leaving on the leading-edge and
 should
 not worry too much.
 
 On the other hand maybe some would prefer to have jQuery in the next
 release? And also should we wait 11.xx? 11.01 would be okay for me...
 
 BTW for those interested  please be sure to check this thread (Bilgin
 noticed that I mixed 2 subjects in it: jQuery docs and demo and removing
 Prototype/Dojo from the trunk or not)
 http://markmail.org/message/mpdywy4ymkjddrpr
 
 Jacques
 
 From: Bruno Busco bruno.bu...@gmail.com
 What about creating a new release branch before merging the jquery ?
 
 -Bruno
 
 2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com
 
 Hi Rohit,
 
 Hopefully before new year, but we will need more testing, could you
 help?
 
 Thanks
 
 Jacques
 
 From: rohit rohitksur...@yahoo.com
 
 
 hi,
 
 when can we expect the jQuery branch to be merged with the truck,
 it
 that
 expected at all...
 
 thanks
 
 rohit
 
 --
 View this message in context:
 
 
 http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html
 Sent from the OFBiz - Dev mailing list archive at Nabble.com.
 
 
 
 
 
 
 
 
 
 
 
 
 





Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Jacques Le Roux

I agree, we already use the jQuery branch in a custom project without issues so far.
The only problem we crossed is related to jQuery 1.4.3 and 1.4.4 and we had to revert to 1.4.2.
The problem was related to the use of jQuery.live() and was reproducible with OFBiz OOTB. I have still to report it to jQuery team, not easy

http://docs.jquery.com/How_to_Report_Bugs
http://bugs.jquery.com/search?ticket=onq=live+1.4.3page=2noquickjump=1
http://bugs.jquery.com/ticket/7340
http://jsfiddle.net/

There are options:
* to put a tag in the trunk before merging, but it's static and does not help much. You have still to handle the future of the tag :/
* to create a branch before merging, but I don't like it much; it looks like a Prototype/Dojo fork

So yes I'd also vote to merge it in the trunk and not worry too much, we should be able to quickly handle issues, if any...

Jacques

From: Divesh Dutta divesh.du...@hotwaxmedia.com

I think, if issues come then we can attack them. In this way we will have 
release branch with Jquery.

Thanks
--
Divesh Dutta.

On Dec 1, 2010, at 6:38 PM, Bruno Busco wrote:


I vote for doing a release branch first and then merge jQuery.

This will let people to have a branch with the actual trunk in case the
jQuery causes any issues to them.

Thank you,
Bruno

2010/12/1 Deepak Dixit deepak.di...@hotwaxmedia.com



jQuery provides a lot of plugins and the good thing is that all of these plugins
are cross-browser compatible.

So +1 for merging jQuery with trunk and then creating a release branch with
jQuery.

Thanks & Regards
--
Deepak Dixit
HotWax Media Pvt. Ltd.
Website :- www.hotwaxmedia.com
Contact :- +91-98267-54548
Skype Id :- deepakdixit




Jacques Le Roux wrote:


Other opinions?

Jacques

From: Bruno Busco bruno.bu...@gmail.com


I would prefer to have the release branch before the merge with jQuery.

-Bruno


2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com

We may want to create a new release branch (before or after the merge with
jQuery?) and officially release 10.04.

Jacopo

On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:


Yes, there is no hurry to merge jQuery, and a branch before could be a
good idea indeed.

This could be an answer for removing or not all Prototype/Dojo from the
trunk.

With this branch people could rely on it for Prototype/Dojo. Those
interested by the trunk are already living on the leading-edge and should
not worry too much.

On the other hand maybe some would prefer to have jQuery in the next
release? And also should we wait 11.xx? 11.01 would be okay for me...

BTW for those interested  please be sure to check this thread (Bilgin
noticed that I mixed 2 subjects in it: jQuery docs and demo and removing
Prototype/Dojo from the trunk or not)

http://markmail.org/message/mpdywy4ymkjddrpr

Jacques

From: Bruno Busco bruno.bu...@gmail.com

What about creating a new release branch before merging the jquery ?

-Bruno

2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com


Hi Rohit,

Hopefully before new year, but we will need more testing, could you
help?


Thanks

Jacques

From: rohit rohitksur...@yahoo.com



hi,

when can we expect the jQuery branch to be merged with the trunk, is
that expected at all...

thanks

rohit

--
View this message in context:



http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html

Sent from the OFBiz - Dev mailing list archive at Nabble.com.

Re: OpenID Integration for OFBiz

2010-12-01 Thread Tim Ruppert
It's single sign on, but I'm not sure if it is ready for CrowdID:

http://www.atlassian.com/software/crowd/features/openid.jsp

Cheers,
Ruppert

On Dec 1, 2010, at 4:34 AM, Hans Bakker wrote:

 Doesn't the component 'crowd' in the specialpurpose directory provide
 OpenID?
 
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 
 
 On Wed, 2010-12-01 at 15:54 +0530, Naveen Kumar B V wrote:
 Hi,
 
   Does OFBiz provide OpenID integration? As per my knowledge, and after
 looking at the code, there is no such functionality.
 Can anyone help me regarding this? How can I integrate OpenID (Gmail,
 MyOpenId, AOL, etc) into my application?
 
 Regards,
 Naveen Kumar B.V
 
 



Re: svn commit: r1040878 - /ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

2010-12-01 Thread Adam Heath

On 12/01/2010 02:22 AM, Hans Bakker wrote:

By the way, why so unfriendly?
Why not simply discuss the matter and see what the best solution is?


Not to poke a stick into a hornet's nest, but his email wasn't 
unfriendly; you are just seeing it in that fashion.





Regards,
Hans

On Wed, 2010-12-01 at 20:58 +1300, Scott Gray wrote:

Hi Hans,

Why the new email address?  Wouldn't ofbizt...@yahoo.com serve the purpose just 
as well?

This isn't the first time this discussion has come up: 
http://ofbiz.markmail.org/thread/agtz52o4btjbvb5n

If you do insist on using a different email address, would you please consider 
using the example.com domain which is reserved for this sort of thing?

Many thanks
Scott

On 1/12/2010, at 7:57 PM, hans...@apache.org wrote:


Author: hansbak
Date: Wed Dec  1 06:57:27 2010
New Revision: 1040878

URL: http://svn.apache.org/viewvc?rev=1040878&view=rev
Log:
add support email address to the company for demo purposes

Modified:
ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml

Modified: ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml?rev=1040878&r1=1040877&r2=1040878&view=diff
==
--- ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml (original)
+++ ofbiz/trunk/applications/accounting/data/DemoOrganizationData.xml Wed Dec  
1 06:57:27 2010
@@ -31,6 +31,9 @@ under the License.
 ContactMech contactMechId=Company contactMechTypeId=EMAIL_ADDRESS 
infoString=ofbizt...@yahoo.com/
 PartyContactMech partyId=Company contactMechId=Company fromDate=2000-01-01 
00:00:00.000 allowSolicitation=Y/
 PartyContactMechPurpose contactMechPurposeTypeId=PRIMARY_EMAIL partyId=Company 
contactMechId=Company fromDate=2003-01-01 00:00:00.000/
+ContactMech contactMechId=CompanySupport contactMechTypeId=EMAIL_ADDRESS 
infoString=ofbizsupp...@yahoo.com/
+PartyContactMech partyId=Company contactMechId=CompanySupport fromDate=2003-01-01 
00:00:00.0 allowSolicitation=Y/
+PartyContactMechPurpose contactMechPurposeTypeId=SUPPORT_EMAIL partyId=Company 
contactMechId=CompanySupport fromDate=2003-01-01 00:00:00.0/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
contactMechPurposeTypeId=BILLING_LOCATION fromDate=2000-01-01 00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
contactMechPurposeTypeId=GENERAL_LOCATION fromDate=2000-01-01 00:00:00.000/
 PartyContactMechPurpose partyId=Company contactMechId=9000 
contactMechPurposeTypeId=PAYMENT_LOCATION fromDate=2000-01-01 00:00:00.000/
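
Review bot: the added CompanySupport ContactMech row puts an address at a real mail provider (infoString=ofbizsupp...@yahoo.com) into demo seed data, so mail that a demo or copied install sends to its SUPPORT_EMAIL contact can land in a third-party mailbox the installer does not control. An address under example.com, which is reserved for this use, would still be distinguishable from the PRIMARY_EMAIL address. The three new rows also write fromDate with 00:00:00.0 where every neighbouring row uses 00:00:00.000, and the new PartyContactMech starts at 2003-01-01 while the existing Company PartyContactMech starts at 2000-01-01; matching the surrounding rows would keep the file consistent.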

Re: svn commit: r1040890 - /ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java

2010-12-01 Thread Adam Heath

On 12/01/2010 02:29 AM, jler...@apache.org wrote:

Author: jleroux
Date: Wed Dec  1 08:29:21 2010
New Revision: 1040890

URL: http://svn.apache.org/viewvc?rev=1040890&view=rev
Log:
A patch from Felice Romano NPE when calling 
org.ofbiz.entity.model.ModelEntity.getTableName(null) 
(https://issues.apache.org/jira/browse/OFBIZ-4040) - OFBIZ-4040

When table name is required to a model entity object, it throws a NPE if 
datasource info object is null.

JLR: I'm not quite sure in which occasions this fix is needed OOTB, but anyway 
it's safer indeed.

Modified:
 ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java

Modified: 
ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java?rev=1040890&r1=1040889&r2=1040890&view=diff
==
--- ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java 
(original)
+++ ofbiz/trunk/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java 
Wed Dec  1 08:29:21 2010
@@ -368,7 +368,7 @@ public class ModelEntity extends ModelIn

  /** The table-name of the Entity including a Schema name if specified in 
the datasource config */
  public String getTableName(DatasourceInfo datasourceInfo) {
-if (UtilValidate.isNotEmpty(datasourceInfo.schemaName)) {
+if (datasourceInfo!=null  
UtilValidate.isNotEmpty(datasourceInfo.schemaName)) {


Bad formatting, use ' ' around operators.



  return datasourceInfo.schemaName + . + this.tableName;
  } else {
  return this.tableName;
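
Review bot: with the new guard in getTableName, a null datasourceInfo now falls through to the else branch and returns the bare this.tableName, but the Javadoc above the method still only describes the schema-qualified case. Please document that null is accepted and yields the unqualified name, because a caller that has lost its DatasourceInfo will now get a table name without the schema prefix instead of an exception. The log message also says it is unclear when this path is hit, so a short comment or a test naming the caller that passes null would help. In the condition as shown here, nothing joins datasourceInfo!=null to the UtilValidate.isNotEmpty call and there are no spaces around !=; it should be one && expression with spaces around both operators.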

Sharing Shopping Cart across multiple Stores in OFbiz

2010-12-01 Thread Naveen Kumar B V
Hi,

   In our business scenario, we have configured two Stores in the front end,
i.e., we have two different applications configured as Stores in the front
end.
We know that each store can have its own shopping cart where products can be
added into it and checked it.

Can we configure the app in such a way that the Shopping Cart should be
shared across multiple stores? When a customer visits the application he
should be able to
shop in multiple stores and the products added in one store should be
available (i.e, should be seen) in other stores also.
How can this be achieved?

Regards,
Naveen Kumar B.V


Re: OfBiz Data Model

2010-12-01 Thread James McGill
On Wed, Dec 1, 2010 at 2:48 AM, Ganapathyraman Venkatraman
ganapathyraman.venkatra...@sword-in.com wrote:
 Hi,

 Appreciate if someone can guide me to get access to the schema dump of OfBiz 
 database.  I am on to bringing up OfBiz instance in my m/c.  Thanks ahead...

It's fairly large, on the order of 800 tables and many relational
constraints.  If you want an E-R diagram, the best approach may be to
install OFBiz and then use an E-R tool to extract the schema as
deployed.  There are View entities defined in OFBiz that are very
important but will not be represented from your schema perspective.  I
believe the Entity Reference tool and Artifact Info in the Webtools
application are far more useful than a schema dump.

When working with OFBiz we tend to rely directly on the
entitymodel.xml definitions directly.  We aren't doing the kind of
Object-Relational mapping that is found in other frameworks; we are
dealing directly in terms of an entity model.  This is one of the main
things that sets OFBiz apart from other frameworks.  We simply don't
think in terms of data binding to a relational schema, we use a
relational schema *directly* without the object layer.  The object
binding is done through a loosely coupled Map abstraction, which gives
us enormous flexibility while doing away with the heavy emphasis on
type safety and strict coupling that we'd have in an ORM.

-- 
James McGill
Phoenix AZ


Not able to Cancel Products from an order

2010-12-01 Thread Naveen Kumar B V
Hi,
first of all...
Sorry for such a lengthy description. Just wanted to make sure that I am
clear in what I say.

I am facing a problem in cancelling products from an order.
Let's take a scenario here:
After an order has been successfully created (order status may be CREATED
or APPROVED), due to some reason a customer wants to cancel
a particular product from the order. I am not able to perform this
operation, and faced the problems listed below:

1. ERROR: Insecure Request cannot be converted to a Secure Request.

 I got the error shown above; after researching I found that the
http call was being redirected to an httpS call.
So I edited the url.properties file and changed a property as shown below:
  port.https.enabled=N

I hope the above problem is rectified. (Is it the correct approach?)


2. Now after the cancel button is clicked, the page is just getting
reloaded, and the status is not getting updated.

Analysis:
 I tried debugging the code, and looked at the cancelOrderItem() method in the
OrderServices.java file, the service which was actually getting invoked.

In that method, I am getting NULL values for some of the parameters listed
below:
 cancelQuantity, shipGroupSeqId, itemReasonMap, itemCommentMap.

And, after the flow gets executed further,

    // Lookup conditions: orderId is always set, the other two only when supplied
    Map fields = UtilMisc.toMap("orderId", orderId);
    if (orderItemSeqId != null) {
        fields.put("orderItemSeqId", orderItemSeqId);
    }
    if (shipGroupSeqId != null) {
        fields.put("shipGroupSeqId", shipGroupSeqId);
    }

    List orderItemShipGroupAssocs = null;
    try {
        Debug.log("--- Getting Order ItemShip Group.");
        // Fetch the item/ship-group associations matching the conditions above
        orderItemShipGroupAssocs = delegator.findByAnd("OrderItemShipGroupAssoc", fields);

orderItemShipGroupAssocs is empty, the size is 0.



Subsequently, when the above list orderItemShipGroupAssocs is iterated over
in a while loop, the loop is executed 0 times and no operation is
performed for the cancellation, and hence no errors either.


Can anyone help me by telling me why the size of the above
list orderItemShipGroupAssocs is 0, and why some of the fields have null values?
Any help would be appreciated.



Regards,
Naveen Kumar B.V
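
Added example, not part of the original post and not OFBiz code: a small Python check that a build or deployment step could run over url.properties to catch the port.https.enabled=N workaround from point 1 before it reaches a production instance. Only the key name comes from the post; the parser, the function names and the sample file contents are constructed for illustration, and treating any value other than Y as "disabled" is an assumption.

```python
import re

HTTPS_KEY = "port.https.enabled"  # key quoted in the post above

def parse_properties(text):
    """Minimal java.util.Properties-style reader: '#'/'!' comments, '=' or ':'
    separators, backslash line continuation, last duplicate key wins."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:   # sentinel flushes a dangling continuation
        continued = bool(pending)
        line = pending + raw.lstrip()
        pending = ""
        # Comment markers only count at the start of a logical line.
        if not line or (not continued and line[0] in "#!"):
            continue
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit_https(text):
    """Return a list of findings for the HTTPS switch; an empty list means OK."""
    value = parse_properties(text).get(HTTPS_KEY)
    if value is None:
        return [f"{HTTPS_KEY} is not set; effective value unknown to this check"]
    if value.upper() != "Y":   # assumption: anything other than Y means disabled
        return [f"{HTTPS_KEY}={value}: HTTPS is switched off for the instance"]
    return []

# Constructed sample: the shipped value followed by a later override,
# which is the effective one because the last duplicate wins.
SAMPLE_WORKAROUND = """\
# constructed sample, not a real url.properties
port.https.enabled=Y
# local edit made to silence the redirect error
port.https.enabled = N
"""
SAMPLE_OK = "port.https.enabled: Y\n"

if __name__ == "__main__":
    for name, body in (("workaround", SAMPLE_WORKAROUND), ("ok", SAMPLE_OK)):
        print(name, audit_https(body) or "no findings")
```
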



jquey

2010-12-01 Thread Hans Bakker
We have a number of new ofbiz features lined up, however they use
jquery...

is it possible to add the jquery libraries earlier than waiting for the
merge of the jquery branch?

-- 
Ofbiz on twitter: http://twitter.com/apache_ofbiz
Myself on twitter: http://twitter.com/hansbak
Antwebsystems.com: Quality services for competitive rates.



Re: jquey

2010-12-01 Thread Tim Ruppert
Seems like it would be prudent to wait until it is merged from the branch given 
the amount of work going on there already.  Why don't you put your features 
into the jquery branch as further examples of where it will be utilized?

Cheers,
Ruppert

On Dec 1, 2010, at 8:21 PM, Hans Bakker wrote:

 We have a number of new ofbiz features lined up, however they use
 jquery...
 
 is it possible to add the jquery libraries earlier than waiting for the
 merge of the jquery branch?
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 



Re: jquey

2010-12-01 Thread Anil Patel
Hans,
On other thread Jacques indicated that work of migrating to JQuery is complete. 

Do you think, it will be good idea to merge JQuery branch with trunk quickly so 
you can add additional features much more easily? 


Thanks and Regards
Anil Patel
HotWax Media Inc
Find us on the web at www.hotwaxmedia.com or Google Keyword ofbiz

On Dec 1, 2010, at 10:21 PM, Hans Bakker wrote:

 We have a number of new ofbiz features lined up, however they use
 jquery...
 
 is it possible to add the jquery libraries earlier than waiting for the
 merge of the jquery branch?
 
 -- 
 Ofbiz on twitter: http://twitter.com/apache_ofbiz
 Myself on twitter: http://twitter.com/hansbak
 Antwebsystems.com: Quality services for competitive rates.
 



Re: [jira] Closed: (OFBIZ-4006) jQuery Test and Bug fixing

2010-12-01 Thread Deepak Dixit


yes exactly, and jQuery 1.4.2 is stable and we can use it without issue.
In future we can update it to 1.4.3 or 1.4.4 or any stable release.

Thanks & Regards
--
Deepak Dixit




Jacques Le Roux wrote:
I agree, we already use the jQuery branch in a custom project without 
issues so far.
The only problem we crossed is related to jQuery 1.4.3 and 1.4.4 and 
we had to revert to 1.4.2.
The problem was related to the use of jQuery.live() and was 
reproducible with OFBiz OOTB. I have still to report it to jQuery 
team, not easy

http://docs.jquery.com/How_to_Report_Bugs
http://bugs.jquery.com/search?ticket=on&q=live+1.4.3&page=2&noquickjump=1
http://bugs.jquery.com/ticket/7340
http://jsfiddle.net/

There are options:
* to put a tag in the trunk before merging, but it's static and does 
not help much. You have still to handle the future of the tag :/
* to create a branch before merging, but I don't like it much; it looks 
like a Prototype/Dojo fork


So yes I'd also vote to merge it in the trunk and not worry too much, 
we should be able to quickly handle issues, if any...


Jacques

From: Divesh Dutta divesh.du...@hotwaxmedia.com
I think, if issues come then we can attack them. In this way we will 
have release branch with Jquery.


Thanks
--
Divesh Dutta.

On Dec 1, 2010, at 6:38 PM, Bruno Busco wrote:


I vote for doing a release branch first and then merge jQuery.

This will let people to have a branch with the actual trunk in case the
jQuery causes any issues to them.

Thank you,
Bruno

2010/12/1 Deepak Dixit deepak.di...@hotwaxmedia.com



jQuery provides a lot of plugins and the good thing is that all of these
plugins are cross-browser compatible.

So +1 for merging jQuery with trunk and then creating a release branch
with jQuery.

Thanks & Regards
--
Deepak Dixit
HotWax Media Pvt. Ltd.
Website :- www.hotwaxmedia.com
Contact :- +91-98267-54548
Skype Id :- deepakdixit




Jacques Le Roux wrote:


Other opinions?

Jacques

From: Bruno Busco bruno.bu...@gmail.com

I would prefer to have the release branch before the merge with 
jQuery.


-Bruno


2010/11/27 Jacopo Cappellato jacopo.cappell...@hotwaxmedia.com

We may want to create a new release branch (before or after the merge with
jQuery?) and officially release 10.04.

Jacopo

On Nov 27, 2010, at 10:57 AM, Jacques Le Roux wrote:

Yes, there is no hurry to merge jQuery, and a branch before could be a
good idea indeed.
This could be an answer for removing or not all Prototype/Dojo from the
trunk.

With this branch people could rely on it for Prototype/Dojo. Those
interested by the trunk are already living on the leading-edge and should
not worry too much.

On the other hand maybe some would prefer to have jQuery in the next
release? And also should we wait 11.xx? 11.01 would be okay for me...

BTW for those interested  please be sure to check this thread (Bilgin
noticed that I mixed 2 subjects in it: jQuery docs and demo and removing
Prototype/Dojo from the trunk or not)

http://markmail.org/message/mpdywy4ymkjddrpr

Jacques

From: Bruno Busco bruno.bu...@gmail.com
What about creating a new release branch before merging the 
jquery ?


-Bruno

2010/11/26 Jacques Le Roux jacques.le.r...@les7arts.com


Hi Rohit,

Hopefully before new year, but we will need more testing, could you
help?


Thanks

Jacques

From: rohit rohitksur...@yahoo.com



hi,

when can we expect the jQuery branch to be merged with the trunk, is
that expected at all...

thanks

rohit

--
View this message in context:



http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4006-jQuery-Test-and-Bug-fixing-tp3016706p3060540.html 


Sent from the OFBiz - Dev mailing list archive at Nabble.com.

Re: [jira] Resolved: (OFBIZ-4029) commit r1033717 breaks authorize.net processing.

2010-12-01 Thread rohit

hi Andrew,

I have used the patch provided by you and the processing is working fine now.

I guess the jira issue may now be closed.

Thanks

Rohit
-- 
View this message in context: 
http://ofbiz.135035.n4.nabble.com/jira-Created-OFBIZ-4029-commit-r1033717-breaks-authorize-net-processing-tp3051284p3068558.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.