GitLab

Correct abbreviation of invoice number - german.

Thanks: Ingo Wolfmayr

https://localhost:8443/catalog/control/EditCategory?productCategoryId=FOOD-001
Just upload an image - it will be displayed in full size. cssImageSmall css class
is defined in template but no definition is defined the theme.

Thanks: Ingo Wolfmayr

Improve the location and look of the label about date/time entries

Thanks: Ingo Wolfmayr

ListCommissionAgreements is defined as grid but linked as form and therefore the
screen throws an error.

https://localhost:8443/catalog/control/ViewProductAgreements?productId=WG-9943

Thanks: Ingo Wolfmayr

The ProductAssocs screen does not display as expected.
https://localhost:8443/catalog/control/EditProductAssoc?productId=WG-9943
This is caused by the tooltip syle (flex) defined for an info text that is used
on that screen.

Solution suggested : keep the text by just removing "style=tooltip".

Thanks: Ingo Wolfmayr

ListFeaturePrice is defined as grid but linked as form and therefore the screen
throws an error.
https://localhost:8443/catalog/control/EditFeature?productFeatureId=1000

Thanks: Ingo Wolfmayr

When accessing
[https://localhost:8443/accounting/control/BillingAccountPayments?billingAccountId=9010]
as a user with only VIEW permissions (e.g. userid=auditor),
the screen shows a form to create a payment.
This should not be visible to such a user as it leads
to a undesired effect and diminished user experience.

modified: BillingAccountScreens.xml
reworked screen BillingAccountPayments to work with 
CREATE permissions

Currently, the EditQuote screen in QuoteScreens.xml is using 'main-decorator' as the decorator-screen reference screen.
Because of this, the menus for the quote (being edited) are not shown to the user.

modified: QuoteScreens.xml
changed decorator-screen ref in screen EditQuote from 'main-decorator' to 'CommonQuoteDecorator

Adds missing ASL2 license header

This commit fix an issue that, under high usage, redondant thread are
created.
Update sshd-core to 2.8.0, adding sshd-ftp since it has been separated in its own library.
Add SshClientHelper to hold the unique instance of SshClient.
Update SshFtpClient class to use the unique SshClient, manage the password/identity into the session and clean close the session.

The MainActionMenu of the Accounting component is
intended to provide the users with CREATE permissions
a direct way to create the main objects of the
Accounting components (Gl transaction, invoice,
payment), instead of - as such a user - have to go
through multiple screens to get to the action
trigger to create such objects.
The MainActionMenu is applied in various decorator
screens. It is, however, not applied in the
GlSetupScreen.xml file.

Modified: GlSetupScreens.xml
added pre-body decorator section, including ref to
MainActionMenu, to:
- screen ListCompanies
- screen AddCompany
- screen ImportExport

When accessing
https://localhost:8443/partymgr/control/main the
screen shows duplicate action triggers for the
creation of a new party of type=PERSON or
of type=PARTYGROUP.
These action triggers come from the MainActionMenu
for the a component, and from the 'CreateNewParty'
menu.

modified: PartyMenus.xml
removed from menu CreateNewParty:
- menu-item for the creation of a PartyGroup
- menu-item for the creation of a Person
as these already exists in the MainActionMenu of
the component.

Renames SecuredUpload::isValidFile to isValidFileName

If chargeShipping is null (default) the method ProductWorker.shippingApplies
fails.
GenericEntity::getBoolean has changed. If the passed value equals null, false is
returned. ProductWorker expects "null".

jleroux: GenericEntity::getBoolean has been changed for OFBIZ-12386 "Fix some
bugs SpotBugs reports". I checked at least that
"CommunicationEventServices::sendEmailToContactList handles correctly
tmpResult != null". After this fix I have to check other possible similar cases
I neglected. Fortunately, only trunk is concerned.

Thanks: Ingo Wolfmayr

I did not have these ones, found there
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
and there https://github.com/tennc/webshell

Without this change two product types have the same name.

Thanks: Ingo Wolfmayr

Syntax error in previous commit

Also try jira_options: link label, see
https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-Jiranotificationoptions

Also adds javadoc task to GH actions, let's see if it works there.

When you define a controller request-map with an event of type 'service-multi', if your uri contains multiple allocation like 'MyWay/MyAction' the class ServiceMultiEventHandler failed to execute with an EventHandlerException

 *****
    <request-map uri="Payment/QuickSend">
        ...
        <event type="service-multi" invoke="quickSendPayment"/>
        ...
 *****

The reason comes from the necessary to resolve the attribute global-transaction on event definition, and to do that a call to ConfigXMLReader is realized.

But unnecessary because we already have the event element on the context.
Use it directly, simplify the code and fix this issue

When, on a form, you set a widget-style on a display field, you activate the inline editor without reason.
The issue comes from HtmlFormMacroLibrary.ftl that initialize some value in a span without control if it's necessary.

Thanks to Leila Mekika for solve this issue

SecurityUtil.java:91: error: unknown tag: String
     * @return List<String>

This is just a try Infra asked about. I have also asked montastic if we can
have 3 different badges. For now I simply backport this one in order to test
all the Buildbot flows.

When a product is successfully added to the shopping cart, a notify
message is displayed with detail of the productId added.

Thanks Sourabh Punyani for your work.

The previous commit was twice wrong:
1. System properties in gradle.properties are not defined using -D but using
systemProp.
2. Anyway systemProp. is defining system properties only available in JVM where
Gradle is running, not the application you run. For that you need to use
applicationDefaultJvmArgs in application in the main build.gradle.

Here is the system property for jdk.serialFilter

When importing an entity with "${" in for at least an element it's rejected
because of the security check done to protect from Freemarker unauth attacks
(see OFBIZ-12594).

As suggested by Ingo, allowing users with appropriate permissions seems an
usable solution. We still need to define the "appropriate permissions".
We can start with OFBTOOLS and WEBTOOLS, as it's reported by Ingo, and add
others later if they ever come.

Thanks: Ingo Wolfmayr for report and suggestion

Lost comment about
https://lists.apache.org/thread/80wzf4kclfk5nh2fss56jd6otf7y4n2f
because of a rebase in previous commit

Reverts previous commit,
see https://lists.apache.org/thread/80wzf4kclfk5nh2fss56jd6otf7y4n2f

It's now 2 weeks that INFRA-23076 is open, so like 3 weeks that BuildBot is not
working for OFBiz at all.

So far I did not run the integration tests on GH because
* we have it on BuildBot
* it's complicated to show the results

Hopefully BuildBot will soon run the OFBiz builds again. But it does not hurt
to run the integration tests on GH, even w/o the results, because at least it's
easier than running them for each commit locally (takes time) and we can run
them locally once we know there is a problem demonstrated with GH actions.

In method filterOutOfStockProducts added case for "virtual" products.
In case a product isVirtual (= Y), then the available inventory count
(lastInventoryCount) is summed up on all its product variants, across
all the ProductFacility records, and then used to determine if the
(parent/virtual) product is in stock or out of stock.

This fix does not check if the facilityId of the ProductFacility
records retrieved is associated and enabled to the ProductStore.

Thanks Nicola Mazzoni for helping in anlyzing this issue.

The Main advantage of RE2J is that it guarantees linear time execution.

The previous commit for OFBIZ-12594 was only working on Windows. On *nix OSs
there is no way to reliably get "--test" String from java.class.path property.

Also the previous fix was brittle because relying only on 1 space separating
words.

This fix puts in the SolrDispatchFilter system property at the beginning of the
4 Solr tests and removes it at end of them. That presence can reliably be tested
in ControlFilter that is called before SolrDispatchFilter. It allows to bypass
SecurityUtil::containsFreemarkerInterpolation that would else change the
parameters content type that must be application/x-www-form-urlencoded.
content

Thanks: Tom Pietsch for report and Mart Naum for confirmation

Updates:
jquery-migrate from 3.3.2 to 3.4.0
dompurify from 2.3.4 to 3.2.6
jquery-ui-dist from 1.13.0 to 1.13.1

If quantity not reserved is not 0, requireInventory is set to Y, system
let an order to be placed anyway.

The usage of the service around the project let make an important
assertion: we can consider that also reserveInventory flag of the
ProductStore is Y, since right now is always the caller context that
checks for the reserveInventory flag.

This fix simply returns a specific error to the caller, avoiding the
system to place the order.

Thanks Nicola Mazzoni for helping in debug this issue and Jacopo
Cappellato for the patch review.

Puts the Uglify script in package.json with an example of use for jquery.flot.js

The size diff between jquery.flot.js and jquery.flot.min.js is only 2%, so it's
more an example...

Note: to run the Uglify task alone use "gradlew npm_run_uglify"

This reverts commit 6c1265ca.
Was not the last...