Le 16/07/2020 à 17:20, Jacques Le Roux a écrit :
Then it makes sense to remove RequestHandler::getDefaultErrorPage and its only reference in ControlServlet::handle (since nothing exists in web.xml
files)
I rather made error.ftl the new default
Done
Jacques
Hi Nicolas, All,
Last effort: I think we should now get rid of all error.jsp, error403.jsp and
error404.jsp files and all references to these.
It's easy to remove commented out references from 3 web.xml files
(marketing, partymgr and workeffort). We are sure they are not used.
Then it makes
Thanks Jacques,
You finished the work to remove the jsp error :)
Nicolas
On 15/07/2020 21:09, Jacques Le Roux wrote:
>
> Le 05/07/2020 à 16:50, Jacques Le Roux a écrit :
>> Hi,
>>
>> While working on OFBIZ-11840 I thought about the solution I used for
>> "[CVE-2020-1943] Apache OFBiz XSS
Le 05/07/2020 à 16:50, Jacques Le Roux a écrit :
Hi,
While working on OFBIZ-11840 I thought about the solution I used for
"[CVE-2020-1943] Apache OFBiz XSS Vulnerability"
So I tried that:
diff --git framework/common/webcommon/WEB-INF/common-controller.xml
Hi,
While working on OFBIZ-11840 I thought about the solution I used for
"[CVE-2020-1943] Apache OFBiz XSS Vulnerability"
So I tried that:
diff --git framework/common/webcommon/WEB-INF/common-controller.xml
framework/common/webcommon/WEB-INF/common-controller.xml
index e6f9394cd4..9291cdbece