> I think you cannot make the tool responsible for how it is used in this
> particular case.
of course the tool is responsible! Jira is not a tool to review code!
"Jira: Issue & Project Tracking Software"
so nothing to do with code ;)
Just imagine how it would be possible with another tool. F
e up after 3 revisions… Now there
are 40 patches attached. How can you tell which one is ok? Tell me which
one is fixing another after which discussion? …
If we care about reviewing patches/contribution we should stop using
jira.
Samuel
and stated as wip so I will consider it
as irrelevant for our discussion ;)
cheers,
Samuel
[1]:
https://lists.apache.org/thread.html/c2612f1e296b6ea15872185871d3a9d83d6a4afc6d2a76f7a336a126%40%3Cdev.ofbiz.apache.org%3E
[2]:
https://lists.apache.org/thread.html/7eab3d2ae3bbeadb184b02f75f7b2b
test coverage of ofbiz this question seems to me
irrelevant! I will really appreciate to reject any patch proposal which
does not come with a test, but, if I'm correct, this is not a practice in
ofbiz community.
As I've done the requested test manually and Mathieu has reverted the
commit I think we can leave this question behind.
Samuel
> >
> > I believe these points must be answered before we get further in this
> > discussion
> >
> > Jacques
> >
have no idea on how to do this on jira.
Samuel
Quoting Jacques Le Roux (2019-11-29 08:50:05)
> Hi,
>
> Yesterday I had a short discussion with Pierre Smits about Github PRs and
> Jira.
>
> Pierre was asking about https://github.com/apache/ofbiz-framework/pulls I
> answe
yes there is a need for csrf check on get request ;)
I will write details in OFBIZ-11306 [1]
Samuel
[1]: https://issues.apache.org/jira/browse/OFBIZ-11306
event (ServiceEventHandler, JavaEventHandler,…) could benefit
from this protection.
Samuel
Quoting James Yong (2019-11-26 17:26:59)
> Hi Jacques, all,
>
> Haven't looked into the POC yet. Please see the following updates:
>
> 1. Not a good practice to allow state-changing request via GET met
://issues.apache.org/jira/browse/OFBIZ-4274 instead of just
OFBIZ-4274) so that we can just "click" on it to display related issue :)
But like Mathieu said, I don't mind if some people find this `OFBIZ-XXX`
so meaningful that they want to keep it on subject line.
Samuel
mited.
Samuel
Hi Jacques,
On 27/10/2019 17:42, Jacques Le Roux wrote:
… So I have no problem removing this method... and
closing OFBIZ-2330, maybe after "fixing" OFBIZ-9804...
I'm not sure I get your point with OFBIZ-9804, if we simply remove
`checkSecureParameter` we fix this issue, don't we?
Samuel
Hi all,
my conclusion from previous discussion is that there is no good reason
for checkSecureParameter. So to make ofbiz code simpler I suggest to
remove it.
Here is a Jira issue with patch attached
https://issues.apache.org/jira/browse/OFBIZ-11260
Samuel
Hi,
On 20/10/2019 12:27, Mathieu Lirzin wrote:
Hello,
Samuel writes:
Moreover if you don't use a service event in your request map you can
access whatever url parameter you want, so I cannot see why service
event is so particular in this regard.
Indeed if the issue is about forbi
so I cannot see why service
event is so particular in this regard.
Again my use case is to access url parameters in a service like
accessing view_size, or view_index which is definitely not sensible
information.
Samuel
On 18/10/2019 16:21, Jacques Le Roux wrote:
Samuel,
This was initiat
event service,
I see that I can bypass the check with
`service.http.parameters.require.encrypted` property but still I really
want to understand the point with this check ;)
Samuel
On 18/10/2019 10:48, Jacques Le Roux wrote:
Hi Samuel,
It started with http://svn.apache.org/viewvc?view=rev
Oops, it's not about ServiceHandler class but ServiceEventHandler class
On 18/10/2019 10:08, Samuel wrote:
Hi,
recently I ran into this check method, which throws an error to
prevent me from accessing url parameters from a service. Error message
mentions a security reason to forbid acce
ason ? or could we simply remove this check ?
Samuel
PS: I've also checked the mentioned Jira issue
https://issues.apache.org/jira/browse/OFBIZ-2330, but this didn't help
me understand the "security" reason
,...) ? are you going to rewrite
ComponentLocationResolver to load groovy from compiled `.class`
Samuel
On 16/09/2019 12:28, Jacques Le Roux wrote:
Hi Devs,
While working on OFBIZ-10226 "Adds groovyScripts in the Gradle
sourceSets" I discussed with Mathieu and we had some ideas.
think all of this stuff will introduce more drawbacks than
benefits, especially regarding the total amount of javascript we write
on OFBiz
Samuel
On 23/08/2019 09:42, Carl Demus wrote:
Hello, personally I am a "fan" of typescript, but I've used it on other
project and not in