Damned again those unwanted changes in .classpath :/

Done by hand!

Jacques

Le 13/10/2015 02:40, jler...@apache.org a écrit :
Author: jleroux
Date: Tue Oct 13 00:40:47 2015
New Revision: 1708274

URL: http://svn.apache.org/viewvc?rev=1708274&view=rev
Log:
Fix for ContentWorker at OFBIZ-6669. For that I have added owasp-java-html-sanitizer-r239.jar and 
put a "content.sanitize=true" property in content.properties with some explanations. The 
reason I added this property is that the sanitizer makes some (safe) changes which might be 
unwanted in a context where you are "sure" no one can inject/exploit your DB; see the 
Jira issue for details. Note that this does not affect the *ContentWrapper.java classes, where we 
use OWASP encoding and not the sanitizer. The reason we need the sanitizer here is that we are not 
only handling content but also HTML code...

Added:
     ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar   (with 
props)
Modified:
     ofbiz/trunk/.classpath
     ofbiz/trunk/LICENSE
     ofbiz/trunk/applications/content/config/content.properties
     
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
     ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml

Modified: ofbiz/trunk/.classpath
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/.classpath?rev=1708274&r1=1708273&r2=1708274&view=diff
==============================================================================
--- ofbiz/trunk/.classpath (original)
+++ ofbiz/trunk/.classpath Tue Oct 13 00:40:47 2015
@@ -1,201 +1,202 @@
  <?xml version="1.0" encoding="UTF-8"?>
  <classpath>
-       <classpathentry kind="con" 
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/dom4j-1.6.1.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/pdfbox-1.8.5.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/jempbox-1.8.5.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/fontbox-1.8.5.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/poi-3.10.1-20140818.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/tika-core-1.7.jar"/>
-       <classpathentry kind="lib" 
path="applications/content/lib/tika-parsers-1.7.jar"/>
-       <classpathentry kind="lib" 
path="applications/product/lib/dozer-4.2.1.jar"/>
-       <classpathentry kind="lib" 
path="applications/product/lib/watermarker-0.0.4.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ant-1.9.0-ant-junit.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ant-1.9.0-ant-launcher.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/avalon-framework-4.2.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/barcode4j-2.1-barcode4j-fop-ext-complete.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/batik-all-1.8.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/clhm-release-1.0-lru.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/esapi-2.1.0.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/fop-2.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/freemarker-2.3.22.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/hamcrest-all-1.2.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/httpunit-1.7.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ical4j-1.0-rc2.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/icu4j-52_1.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/ivy-2.2.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/jackson-annotations-2.4.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/jackson-core-2.4.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/jackson-databind-2.4.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/javolution-5.4.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/jdbm-1.0-SNAPSHOT.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/jdom-1.1.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/jpim-0.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/juel-impl-2.2.7.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/juel-spi-2.2.7.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/junit-dep-4.10.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/log4j-api-2.3.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/mail-1.5.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/nekohtml-1.9.16.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/resolver-2.9.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/serializer-2.9.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/shiro-core-1.2.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/slf4j-api-1.6.4.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ws-commons-java5-1.0.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ws-commons-util-1.0.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xercesImpl-2.9.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xmlgraphics-commons-2.0.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-client-3.1.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-common-3.1.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-server-3.1.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xml-apis-2.9.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/xml-apis-ext-1.3.04.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
-       <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/zxing-core-3.2.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/ant/ant-1.9.0-ant-apache-bsf.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-beanutils-core-1.8.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-codec-1.10.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-collections-3.2.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-compress-1.9.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-csv-1.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-el-1.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-fileupload-1.3.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-io-2.4.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-lang-2.6.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-logging-1.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-net-3.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-pool2-2.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-validator-1.4.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-activation_1.0.2_spec-1.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-j2ee-connector_1.5_spec-2.0.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jaxrpc_1.1_spec-1.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jaxr_1.0_spec-1.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jms_1.1_spec-1.1.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jta_1.1_spec-1.1.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-saaj_1.3_spec-1.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/annotations-api-3.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/el-api-2.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/jsp-api-2.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/servlet-api-3.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/antlr-2.7.6.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/asm-3.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/bsf-2.4.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/bsh-2.0b4.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/groovy-all-2.2.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/jakarta-oro-2.0.8.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/scripting/jython-nooro.jar"/>
-       <classpathentry kind="lib" path="framework/catalina/lib/ecj-4.4.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina-ha.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina-tribes.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-jasper.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-api.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-coyote.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-util.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli.jar"/>
-       <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli-adapters.jar"/>
-       <classpathentry kind="lib" 
path="framework/entity/lib/commons-dbcp2-2.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/geronimo/lib/geronimo-transaction-3.1.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/axiom-api-1.2.9.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/axiom-impl-1.2.9.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/axis2-kernel-1.5.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/axis2-transport-http-1.5.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/axis2-transport-local-1.5.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/commons-httpclient-3.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/neethi-2.0.4.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/wsdl4j-1.6.2.jar"/>
-       <classpathentry kind="lib" 
path="framework/service/lib/XmlSchema-1.4.3.jar"/>
-       <classpathentry kind="lib" 
path="framework/testtools/lib/org.springframework.core-3.1.0.M2.jar"/>
-       <classpathentry kind="lib" 
path="framework/testtools/lib/org.springframework.test-3.1.0.M2.jar"/>
-       <classpathentry kind="lib" 
path="framework/webapp/lib/ezmorph-0.9.1.jar"/>
-       <classpathentry kind="lib" path="framework/webapp/lib/iText-2.1.7.jar"/>
-       <classpathentry kind="lib" path="framework/webapp/lib/rome-0.9.jar"/>
-       <classpathentry kind="lib" path="specialpurpose/birt/lib/axis-1.4.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/axis-ant-1.4.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/commons-discovery-0.5.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.birt.runtime_4.3.1.v20130918-1142.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.core.runtime_3.9.0.v20130326-1255.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.equinox.common_3.6.200.v20130402-1505.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.equinox.registry_3.5.301.v20130717-1549.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.osgi_3.9.1.v20130814-1242.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/birt/lib/viewservlets.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/attributes.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/ebaycalls.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/ebaysdkcore.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/helper.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/googlecheckout/lib/checkout-sdk-0.8.8.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/ldap/lib/cas-server-core-3.3.jar"/>
-       <classpathentry kind="lib" path="specialpurpose/pos/lib/jcl.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/pos/lib/jpos18-controls.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/pos/lib/looks-2.0.2.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/pos/lib/XuiCoreSwing-v3.2rc2b.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/pos/lib/XuiOptional-v3.2rc2b.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/guava-14.0.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/joda-time-2.2.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/spatial4j-0.4.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/zookeeper-3.4.6.jar"/>
-       <classpathentry 
excluding="org/ofbiz/accounting/thirdparty/cybersource/**|org/ofbiz/accounting/thirdparty/verisign/**|org/ofbiz/accounting/thirdparty/paypal/PayPalServices.java|org/ofbiz/accounting/thirdparty/orbital/**|org/ofbiz/accounting/thirdparty/securepay/**|org/ofbiz/accounting/thirdparty/ideal/**"
 kind="src" path="applications/accounting/src"/>
-       <classpathentry excluding="org/ofbiz/content/openoffice/|org/ofbiz/content/report/" 
kind="src" path="applications/content/src"/>
-       <classpathentry kind="src" path="applications/manufacturing/src"/>
-       <classpathentry kind="src" path="applications/marketing/src"/>
-       <classpathentry excluding="org/ofbiz/order/thirdparty/taxware/**" kind="src" 
path="applications/order/src"/>
-       <classpathentry kind="src" path="applications/party/src"/>
-       <classpathentry excluding="ShipmentScaleApplet.java" kind="src" 
path="applications/product/src"/>
-       <classpathentry excluding="org/ofbiz/securityext/thirdparty/truition/TruitionCoReg.java" 
kind="src" path="applications/securityext/src"/>
-       <classpathentry kind="src" path="applications/humanres/src"/>
-       <classpathentry kind="src" path="applications/workeffort/src"/>
-       <classpathentry kind="src" path="framework/base/config"/>
-       <classpathentry excluding="org/ofbiz/base/config/CoberturaInstrumenter.java" 
kind="src" path="framework/base/src"/>
-       <classpathentry kind="src" path="framework/catalina/src"/>
-       <classpathentry kind="src" path="framework/common/src"/>
-       <classpathentry kind="src" path="framework/datafile/src"/>
-       <classpathentry kind="src" path="framework/entity/src"/>
-       <classpathentry kind="src" path="framework/entityext/src"/>
-       <classpathentry kind="src" path="framework/geronimo/src"/>
-       <classpathentry kind="src" path="framework/minilang/src"/>
-       <classpathentry kind="src" path="framework/security/src"/>
-       <classpathentry kind="src" path="framework/service/src"/>
-       <classpathentry kind="src" path="framework/start/src"/>
-       <classpathentry kind="src" path="framework/testtools/src"/>
-       <classpathentry 
excluding="org/ofbiz/webapp/view/JasperReportsPdfViewHandler.java|org/ofbiz/webapp/view/JasperReportsXmlViewHandler.java|org/ofbiz/webapp/view/JasperReportsJXlsViewHandler.java|org/ofbiz/webapp/view/JasperReportsPoiXlsViewHandler.java"
 kind="src" path="framework/webapp/src"/>
-       <classpathentry kind="src" path="framework/webtools/src"/>
-       <classpathentry kind="src" path="framework/widget/src"/>
-       <classpathentry kind="src" path="specialpurpose/assetmaint/src"/>
-       <classpathentry kind="src" path="specialpurpose/birt/src"/>
-       <classpathentry kind="src" path="specialpurpose/ebay/src"/>
-       <classpathentry kind="src" path="specialpurpose/ebaystore/src"/>
-       <classpathentry kind="src" path="specialpurpose/ecommerce/src"/>
-       <classpathentry kind="src" path="specialpurpose/example/src"/>
-       <classpathentry kind="src" path="specialpurpose/googlebase/src"/>
-       <classpathentry kind="src" path="specialpurpose/googlecheckout/src"/>
-       <classpathentry kind="src" path="specialpurpose/hhfacility/src"/>
-       <classpathentry kind="src" path="specialpurpose/ldap/src"/>
-       <classpathentry kind="src" path="specialpurpose/lucene/src"/>
-       <classpathentry kind="src" path="specialpurpose/oagis/src"/>
-       <classpathentry kind="src" path="specialpurpose/pos/src"/>
-       <classpathentry kind="src" path="specialpurpose/projectmgr/src"/>
-       <classpathentry kind="src" path="specialpurpose/scrum/src"/>
-       <classpathentry kind="src" path="specialpurpose/solr/src"/>
-       <classpathentry kind="src" path="specialpurpose/webpos/src"/>
-       <classpathentry kind="src" path="specialpurpose/passport/src"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/compile/solr-core-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/compile/solr-solrj-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-analyzers-common-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-core-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-queryparser-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-codecs-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-highlighter-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-join-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-queries-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-spatial-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-suggest-5.3.1.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/noggit-0.6.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/org.restlet-2.3.0.jar"/>
-       <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/org.restlet.ext.servlet-2.3.0.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/httpclient-4.4.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/httpclient-cache-4.4.1.jar"/>
-       <classpathentry kind="lib" 
path="framework/base/lib/httpcore-4.4.1.jar"/>
-       <classpathentry kind="output" path="bin"/>
+    <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/dom4j-1.6.1.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/pdfbox-1.8.5.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/jempbox-1.8.5.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/fontbox-1.8.5.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/poi-3.10.1-20140818.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/tika-core-1.7.jar"/>
+    <classpathentry kind="lib" 
path="applications/content/lib/tika-parsers-1.7.jar"/>
+    <classpathentry kind="lib" 
path="applications/product/lib/dozer-4.2.1.jar"/>
+    <classpathentry kind="lib" 
path="applications/product/lib/watermarker-0.0.4.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/ant-1.9.0-ant.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/ant-1.9.0-ant-junit.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/ant-1.9.0-ant-launcher.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/avalon-framework-4.2.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/barcode4j-2.1-barcode4j-fop-ext-complete.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/batik-all-1.8.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/clhm-release-1.0-lru.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/esapi-2.1.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/owasp-java-html-sanitizer-r239.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/fop-2.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/freemarker-2.3.22.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/hamcrest-all-1.2.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/httpunit-1.7.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/ical4j-1.0-rc2.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/icu4j-52_1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/ivy-2.2.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/jackson-annotations-2.4.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/jackson-core-2.4.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/jackson-databind-2.4.2.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/javolution-5.4.3.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/jdbm-1.0-SNAPSHOT.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/jdom-1.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/jpim-0.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/juel-impl-2.2.7.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/juel-spi-2.2.7.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/junit-dep-4.10.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/log4j-api-2.3.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/mail-1.5.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/nekohtml-1.9.16.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/resolver-2.9.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/serializer-2.9.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/shiro-core-1.2.3.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/slf4j-api-1.6.4.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/ws-commons-java5-1.0.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/ws-commons-util-1.0.2.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/xercesImpl-2.9.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/xmlgraphics-commons-2.0.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-client-3.1.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-common-3.1.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/xmlrpc-server-3.1.2.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/xml-apis-2.9.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/xml-apis-ext-1.3.04.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/xpp3-1.1.4c.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/xstream-1.4.6.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/zxing-core-3.2.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/ant/ant-1.9.0-ant-apache-bsf.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-beanutils-core-1.8.3.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-codec-1.10.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-collections-3.2.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-compress-1.9.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-csv-1.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-el-1.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-fileupload-1.3.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-io-2.4.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-lang-2.6.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-logging-1.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-net-3.3.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-pool2-2.3.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/commons/commons-validator-1.4.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-activation_1.0.2_spec-1.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-j2ee-connector_1.5_spec-2.0.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jaxrpc_1.1_spec-1.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jaxr_1.0_spec-1.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jms_1.1_spec-1.1.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-jta_1.1_spec-1.1.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/geronimo-saaj_1.3_spec-1.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/annotations-api-3.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/el-api-2.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/jsp-api-2.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/j2eespecs/servlet-api-3.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/antlr-2.7.6.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/asm-3.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/bsf-2.4.0.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/bsh-2.0b4.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/groovy-all-2.2.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/jakarta-oro-2.0.8.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/scripting/jython-nooro.jar"/>
+    <classpathentry kind="lib" path="framework/catalina/lib/ecj-4.4.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina-ha.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-catalina-tribes.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-jasper.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-api.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-coyote.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-7.0.64-tomcat-util.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli.jar"/>
+    <classpathentry kind="lib" 
path="framework/catalina/lib/tomcat-extras-7.0.64-tomcat-juli-adapters.jar"/>
+    <classpathentry kind="lib" 
path="framework/entity/lib/commons-dbcp2-2.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/geronimo/lib/geronimo-transaction-3.1.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/axiom-api-1.2.9.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/axiom-impl-1.2.9.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/axis2-kernel-1.5.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/axis2-transport-http-1.5.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/axis2-transport-local-1.5.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/commons-httpclient-3.1.jar"/>
+    <classpathentry kind="lib" path="framework/service/lib/neethi-2.0.4.jar"/>
+    <classpathentry kind="lib" path="framework/service/lib/wsdl4j-1.6.2.jar"/>
+    <classpathentry kind="lib" 
path="framework/service/lib/XmlSchema-1.4.3.jar"/>
+    <classpathentry kind="lib" 
path="framework/testtools/lib/org.springframework.core-3.1.0.M2.jar"/>
+    <classpathentry kind="lib" 
path="framework/testtools/lib/org.springframework.test-3.1.0.M2.jar"/>
+    <classpathentry kind="lib" path="framework/webapp/lib/ezmorph-0.9.1.jar"/>
+    <classpathentry kind="lib" path="framework/webapp/lib/iText-2.1.7.jar"/>
+    <classpathentry kind="lib" path="framework/webapp/lib/rome-0.9.jar"/>
+    <classpathentry kind="lib" path="specialpurpose/birt/lib/axis-1.4.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/axis-ant-1.4.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/commons-discovery-0.5.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.birt.runtime_4.3.1.v20130918-1142.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.core.runtime_3.9.0.v20130326-1255.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.equinox.common_3.6.200.v20130402-1505.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.equinox.registry_3.5.301.v20130717-1549.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/org.eclipse.osgi_3.9.1.v20130814-1242.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/birt/lib/viewservlets.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/attributes.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/ebaycalls.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/ebaystore/lib/ebaysdkcore.jar"/>
+    <classpathentry kind="lib" path="specialpurpose/ebaystore/lib/helper.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/googlecheckout/lib/checkout-sdk-0.8.8.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/ldap/lib/cas-server-core-3.3.jar"/>
+    <classpathentry kind="lib" path="specialpurpose/pos/lib/jcl.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/pos/lib/jpos18-controls.jar"/>
+    <classpathentry kind="lib" path="specialpurpose/pos/lib/looks-2.0.2.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/pos/lib/XuiCoreSwing-v3.2rc2b.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/pos/lib/XuiOptional-v3.2rc2b.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/guava-14.0.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/joda-time-2.2.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/spatial4j-0.4.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/zookeeper-3.4.6.jar"/>
+    <classpathentry 
excluding="org/ofbiz/accounting/thirdparty/cybersource/**|org/ofbiz/accounting/thirdparty/verisign/**|org/ofbiz/accounting/thirdparty/paypal/PayPalServices.java|org/ofbiz/accounting/thirdparty/orbital/**|org/ofbiz/accounting/thirdparty/securepay/**|org/ofbiz/accounting/thirdparty/ideal/**"
 kind="src" path="applications/accounting/src"/>
+    <classpathentry excluding="org/ofbiz/content/openoffice/|org/ofbiz/content/report/" 
kind="src" path="applications/content/src"/>
+    <classpathentry kind="src" path="applications/manufacturing/src"/>
+    <classpathentry kind="src" path="applications/marketing/src"/>
+    <classpathentry excluding="org/ofbiz/order/thirdparty/taxware/**" kind="src" 
path="applications/order/src"/>
+    <classpathentry kind="src" path="applications/party/src"/>
+    <classpathentry excluding="ShipmentScaleApplet.java" kind="src" 
path="applications/product/src"/>
+    <classpathentry excluding="org/ofbiz/securityext/thirdparty/truition/TruitionCoReg.java" 
kind="src" path="applications/securityext/src"/>
+    <classpathentry kind="src" path="applications/humanres/src"/>
+    <classpathentry kind="src" path="applications/workeffort/src"/>
+    <classpathentry kind="src" path="framework/base/config"/>
+    <classpathentry excluding="org/ofbiz/base/config/CoberturaInstrumenter.java" kind="src" 
path="framework/base/src"/>
+    <classpathentry kind="src" path="framework/catalina/src"/>
+    <classpathentry kind="src" path="framework/common/src"/>
+    <classpathentry kind="src" path="framework/datafile/src"/>
+    <classpathentry kind="src" path="framework/entity/src"/>
+    <classpathentry kind="src" path="framework/entityext/src"/>
+    <classpathentry kind="src" path="framework/geronimo/src"/>
+    <classpathentry kind="src" path="framework/minilang/src"/>
+    <classpathentry kind="src" path="framework/security/src"/>
+    <classpathentry kind="src" path="framework/service/src"/>
+    <classpathentry kind="src" path="framework/start/src"/>
+    <classpathentry kind="src" path="framework/testtools/src"/>
+    <classpathentry 
excluding="org/ofbiz/webapp/view/JasperReportsPdfViewHandler.java|org/ofbiz/webapp/view/JasperReportsXmlViewHandler.java|org/ofbiz/webapp/view/JasperReportsJXlsViewHandler.java|org/ofbiz/webapp/view/JasperReportsPoiXlsViewHandler.java"
 kind="src" path="framework/webapp/src"/>
+    <classpathentry kind="src" path="framework/webtools/src"/>
+    <classpathentry kind="src" path="framework/widget/src"/>
+    <classpathentry kind="src" path="specialpurpose/assetmaint/src"/>
+    <classpathentry kind="src" path="specialpurpose/birt/src"/>
+    <classpathentry kind="src" path="specialpurpose/ebay/src"/>
+    <classpathentry kind="src" path="specialpurpose/ebaystore/src"/>
+    <classpathentry kind="src" path="specialpurpose/ecommerce/src"/>
+    <classpathentry kind="src" path="specialpurpose/example/src"/>
+    <classpathentry kind="src" path="specialpurpose/googlebase/src"/>
+    <classpathentry kind="src" path="specialpurpose/googlecheckout/src"/>
+    <classpathentry kind="src" path="specialpurpose/hhfacility/src"/>
+    <classpathentry kind="src" path="specialpurpose/ldap/src"/>
+    <classpathentry kind="src" path="specialpurpose/lucene/src"/>
+    <classpathentry kind="src" path="specialpurpose/oagis/src"/>
+    <classpathentry kind="src" path="specialpurpose/pos/src"/>
+    <classpathentry kind="src" path="specialpurpose/projectmgr/src"/>
+    <classpathentry kind="src" path="specialpurpose/scrum/src"/>
+    <classpathentry kind="src" path="specialpurpose/solr/src"/>
+    <classpathentry kind="src" path="specialpurpose/webpos/src"/>
+    <classpathentry kind="src" path="specialpurpose/passport/src"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/compile/solr-core-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/compile/solr-solrj-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-analyzers-common-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-core-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/lucene/lib/lucene-queryparser-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-codecs-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-highlighter-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-join-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-queries-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-spatial-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/lucene-suggest-5.3.1.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/noggit-0.6.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/org.restlet-2.3.0.jar"/>
+    <classpathentry kind="lib" 
path="specialpurpose/solr/lib/runtime/org.restlet.ext.servlet-2.3.0.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/httpclient-4.4.1.jar"/>
+    <classpathentry kind="lib" 
path="framework/base/lib/httpclient-cache-4.4.1.jar"/>
+    <classpathentry kind="lib" path="framework/base/lib/httpcore-4.4.1.jar"/>
+    <classpathentry kind="output" path="bin"/>
  </classpath>

Modified: ofbiz/trunk/LICENSE
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1708274&r1=1708273&r2=1708274&view=diff
==============================================================================
--- ofbiz/trunk/LICENSE (original)
+++ ofbiz/trunk/LICENSE Tue Oct 13 00:40:47 2015
@@ -69,6 +69,7 @@ framework/base/lib/j2eespecs/annotations
  framework/base/lib/j2eespecs/el-api-2.2.jar
  framework/base/lib/j2eespecs/jsp-api-2.2.jar
  framework/base/lib/j2eespecs/servlet-api-3.0.jar
+framework/base/lib/owasp-java-html-sanitizer-r239.jar
  framework/base/lib/scripting/bsf-2.4.0.jar
  framework/base/lib/scripting/jakarta-oro-2.0.8.jar
  framework/base/lib/scripting/groovy-all-2.2.1.jar

Modified: ofbiz/trunk/applications/content/config/content.properties
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/config/content.properties?rev=1708274&r1=1708273&r2=1708274&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/config/content.properties (original)
+++ ofbiz/trunk/applications/content/config/content.properties Tue Oct 13 
00:40:47 2015
@@ -35,3 +35,7 @@ content.upload.always.local.file=true
# content output folder (relative to ofbiz.home)
  content.output.path=runtime/output
+
+#Should we sanitize generic content by default (specific contents - order, 
party, category, product, configured product, product promo and work effort - 
are always encoded)
+# This has a slightly impact on the code rendered, see . True By default!
+content.sanitize=true
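Review bot: The comment added above `content.sanitize` sends the reader to "see ." with no target, so an operator deciding whether to switch this off has nothing to consult about what the sanitizer changes. The commit log names OFBIZ-6669 as the place where the details are discussed, and the ContentWorker change in this commit shows that any value other than `true` returns the rendered text as is. Stating both makes the trade-off explicit, for example `# Sanitizing slightly changes the rendered HTML, see OFBIZ-6669. If not true, generic content is returned unsanitized. True by default!`.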

Modified: 
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java?rev=1708274&r1=1708273&r2=1708274&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
 (original)
+++ 
ofbiz/trunk/applications/content/src/org/ofbiz/content/content/ContentWorker.java
 Tue Oct 13 00:40:47 2015
@@ -52,6 +52,7 @@ import org.ofbiz.entity.condition.Entity
  import org.ofbiz.entity.condition.EntityOperator;
  import org.ofbiz.entity.util.EntityQuery;
  import org.ofbiz.entity.util.EntityUtil;
+import org.ofbiz.entity.util.EntityUtilProperties;
  import org.ofbiz.minilang.MiniLangException;
  import org.ofbiz.minilang.SimpleMapProcessor;
  import org.ofbiz.service.DispatchContext;
@@ -59,6 +60,8 @@ import org.ofbiz.service.GenericServiceE
  import org.ofbiz.service.LocalDispatcher;
  import org.ofbiz.service.ModelService;
  import org.ofbiz.service.ServiceUtil;
+import org.owasp.html.PolicyFactory;
+import org.owasp.html.Sanitizers;
  import org.xml.sax.InputSource;
  import org.xml.sax.SAXException;
@@ -333,7 +336,23 @@ public class ContentWorker implements or
              Locale locale, String mimeTypeId, boolean cache) throws 
GeneralException, IOException {
          Writer writer = new StringWriter();
          renderContentAsText(dispatcher, delegator, contentId, writer, 
templateContext, locale, mimeTypeId, null, null, cache);
-        return writer.toString();
+        String rendered = writer.toString();
+        // According to 
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
+        // Normally head should be protected by X-XSS-Protection Response 
Header by default
+        if (EntityUtilProperties.propertyValueEqualsIgnoreCase("content.properties", 
"content.sanitize", "true", delegator)
+                && (rendered.contains("<script>")
+                || rendered.contains("<!--")
+                || rendered.contains("<div")
+                || rendered.contains("<style>")
+                || rendered.contains("<span")
+                || rendered.contains("<input")
+                || rendered.contains("<input")
+                || rendered.contains("<iframe")
+                || rendered.contains("<a"))) {
+            PolicyFactory sanitizer = 
Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.IMAGES).and(Sanitizers.LINKS).and(Sanitizers.STYLES);
+            rendered = sanitizer.sanitize(rendered);
+        }
+        return rendered;
      }
public static String renderContentAsText(LocalDispatcher dispatcher, Delegator delegator, String contentId, Appendable out,
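Review bot: The `rendered.contains(...)` pre-check in front of the sanitizer is a case-sensitive list of a few tag spellings, so even with `content.sanitize=true` markup that uses a tag outside the list, or `<script>`/`<style>` in another letter case or with attributes, is returned without ever reaching `sanitizer.sanitize`. The allow-list policy built here is the actual control and should not be gated by a deny-list; the condition can be reduced to the property test alone, `if (EntityUtilProperties.propertyValueEqualsIgnoreCase("content.properties", "content.sanitize", "true", delegator)) {`, keeping `rendered = sanitizer.sanitize(rendered);` as is. That applies the sanitizer's output changes to all generic content, which is what the property already lets a deployment opt out of. The list also tests `<input` twice, and the X-XSS-Protection comment would read better as `// Sanitize rendered generic content before returning it, see content.sanitize in content.properties`. The method's signature starts above the hunk.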

Added: ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar?rev=1708274&view=auto
==============================================================================
Binary file - no diff available.

Propchange: ofbiz/trunk/framework/base/lib/owasp-java-html-sanitizer-r239.jar
------------------------------------------------------------------------------
     svn:mime-type = application/octet-stream

Modified: ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml?rev=1708274&r1=1708273&r2=1708274&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml (original)
+++ ofbiz/trunk/specialpurpose/cmssite/data/CmsSiteDemoData.xml Tue Oct 13 
00:40:47 2015
@@ -78,7 +78,7 @@ under the License.
                <p>
                This is a site to demonstrate the CMS capabilities of OFBiz. 
Its basic function is the editing of website text
                inside a browser. If you want to edit the text you are reading 
now, logon to the backend system, select the content component
-              click on 'cmssite' in the website list and ten click on the 
'cms' button. There you see on the left hand side the tree of this website.
+              click on 'cmssite' in the website list and then click on the 
'cms' button. There you see on the left hand side the tree of this website.
                If you click on 'homepage' then you can edit the content of 
this page at the box in the r
                </p>
                <p>




