Openbravo Issue Tracking System - Openbravo ERP | |||||||||||||||||||
| View Issue Details | |||||||||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||||||||
| 0012652 | Openbravo ERP | Z. Others | public | 2010-03-11 14:26 | 2010-04-16 00:00 | ||||||||||||||
| Reporter | alostale | ||||||||||||||||||
| Assigned To | adrianromero | ||||||||||||||||||
| Priority | immediate | Severity | major | Reproducibility | N/A | ||||||||||||||
| Status | closed | Resolution | fixed | ||||||||||||||||
| Platform | OS | 5 | OS Version | ||||||||||||||||
| Product Version | |||||||||||||||||||
| Target Version | 2.50MP14 | Fixed in Version | |||||||||||||||||
| Merge Request Status | |||||||||||||||||||
| Review Assigned To | |||||||||||||||||||
| OBNetwork customer | |||||||||||||||||||
| Web browser | |||||||||||||||||||
| Modules | Core | ||||||||||||||||||
| Support ticket | |||||||||||||||||||
| Regression level | |||||||||||||||||||
| Regression date | |||||||||||||||||||
| Regression introduced in release | |||||||||||||||||||
| Regression introduced by commit | |||||||||||||||||||
| Triggers an Emergency Pack | No | ||||||||||||||||||
| Summary | 0012652: Proper management of DAL security | ||||||||||||||||||
| Description | As found in issue 0012651, some code is using DAL without managing security properly. More info can be found here [1] [1] http://forge.openbravo.com/plugins/espforum/view.php?group_id=100&forumid=549512&topicid=7010557 [^] | ||||||||||||||||||
| Steps To Reproduce | |||||||||||||||||||
| Proposed Solution | Check and fix if needed core code using DAL. This is the list of files that use DAL in current pi (36fdbf2c73bb) ./org/openbravo/base/secureApp/HttpSecureAppServlet.java ./org/openbravo/base/secureApp/OrgTreeNode.java ./org/openbravo/base/secureApp/LoginHandler.java ./org/openbravo/base/secureApp/VariablesSecureApp.java ./org/openbravo/reference/ui/UIList.java ./org/openbravo/reference/Reference.java ./org/openbravo/erpCommon/ad_actionButton/InvoicePaymentMonitor.java ./org/openbravo/erpCommon/ad_actionButton/ExportReferenceData.java ./org/openbravo/erpCommon/ad_process/HeartbeatProcess.java ./org/openbravo/erpCommon/ad_process/KillSession.java ./org/openbravo/erpCommon/ad_process/PaymentMonitor.java ./org/openbravo/erpCommon/ad_process/TestHeartbeat.java ./org/openbravo/erpCommon/ad_process/PaymentMonitorProcess.java ./org/openbravo/erpCommon/ad_process/CreateCustomModule.java ./org/openbravo/erpCommon/ad_process/ApplyModules.java ./org/openbravo/erpCommon/ad_process/AcctServerProcess.java ./org/openbravo/erpCommon/ad_process/UpdateAuditTrail.java ./org/openbravo/erpCommon/ad_forms/InstanceManagement.java ./org/openbravo/erpCommon/ad_forms/InitialClientSetup.java ./org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java ./org/openbravo/erpCommon/ad_forms/Role.java ./org/openbravo/erpCommon/ad_forms/Registration.java ./org/openbravo/erpCommon/ad_forms/UpdateReferenceData.java ./org/openbravo/erpCommon/ad_forms/ModuleManagement.java ./org/openbravo/erpCommon/info/AttributeSetInstance.java ./org/openbravo/erpCommon/info/ImageInfoBLOB.java ./org/openbravo/erpCommon/modules/ApplyModule.java ./org/openbravo/erpCommon/modules/ModuleUtiltiy.java ./org/openbravo/erpCommon/obps/ActivationKey.java ./org/openbravo/erpCommon/obps/ActiveInstanceProcess.java ./org/openbravo/erpCommon/businessUtility/AuditTrailDeletedRecords.java ./org/openbravo/erpCommon/businessUtility/AuditTrailPopup.java ./org/openbravo/erpCommon/ad_callouts/SL_TableAudit.java ./org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_Module_Minor_Version.java ./org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_ModuleCallout.java ./org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java ./org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java ./org/openbravo/erpCommon/utility/Utility.java ./org/openbravo/erpCommon/utility/Register.java ./org/openbravo/erpCommon/utility/ShowImage.java ./org/openbravo/erpCommon/utility/ToolBar.java ./org/openbravo/erpCommon/utility/ImageToDatabaseLoader.java ./org/openbravo/erpCommon/utility/ShowImageLogo.java ./org/openbravo/erpCommon/utility/VerticalMenu.java ./org/openbravo/erpCommon/utility/UsedByLink.java ./org/openbravo/erpCommon/security/Menu.java ./org/openbravo/erpCommon/security/Login.java | ||||||||||||||||||
| Additional Information | |||||||||||||||||||
| Tags | No tags attached. | ||||||||||||||||||
| Relationships |
| ||||||||||||||||||
| Attached Files | |||||||||||||||||||
| Issue History | |||||||||||||||||||
| Date Modified | Username | Field | Change | ||||||||||||||||
| 2010-03-11 14:26 | alostale | New Issue | |||||||||||||||||
| 2010-03-11 14:26 | alostale | Assigned To | => adrianromero | ||||||||||||||||
| 2010-03-11 14:27 | alostale | Relationship added | related to 0012651 | ||||||||||||||||
| 2010-03-11 14:33 | rafaroda | Issue Monitored: rafaroda | |||||||||||||||||
| 2010-03-11 16:02 | alostale | Proposed Solution updated | |||||||||||||||||
| 2010-03-11 17:48 | psarobe | Severity | critical => major | ||||||||||||||||
| 2010-03-11 17:48 | psarobe | Status | new => scheduled | ||||||||||||||||
| 2010-03-12 12:26 | hgbot | Checkin | |||||||||||||||||
| 2010-03-12 12:26 | hgbot | Note Added: 0025287 | |||||||||||||||||
| 2010-03-12 12:40 | hgbot | Checkin | |||||||||||||||||
| 2010-03-12 12:40 | hgbot | Note Added: 0025288 | |||||||||||||||||
| 2010-03-12 17:08 | hgbot | Checkin | |||||||||||||||||
| 2010-03-12 17:08 | hgbot | Note Added: 0025298 | |||||||||||||||||
| 2010-03-15 13:09 | adrianromero | Status | scheduled => resolved | ||||||||||||||||
| 2010-03-15 13:09 | adrianromero | Fixed in SCM revision | => 64d9ea836ba2 | ||||||||||||||||
| 2010-03-15 13:09 | adrianromero | Resolution | open => fixed | ||||||||||||||||
| 2010-03-15 13:16 | adrianromero | Relationship added | related to 0012668 | ||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Checkin | |||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Note Added: 0025507 | |||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Checkin | |||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Note Added: 0025508 | |||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Checkin | |||||||||||||||||
| 2010-03-16 08:41 | hudsonbot | Note Added: 0025513 | |||||||||||||||||
| 2010-04-15 11:35 | plujan | Note Added: 0026240 | |||||||||||||||||
| 2010-04-15 11:35 | plujan | Status | resolved => closed | ||||||||||||||||
| 2010-04-16 00:00 | anonymous | sf_bug_id | 0 => 2987963 | ||||||||||||||||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||