Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0025023 | Openbravo ERP | C. Security | public | 2013-10-25 11:54 | 2014-02-15 02:00 |
|
| Reporter | egoitz | |
| Assigned To | shankarb | |
| Priority | immediate | Severity | critical | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | 3.0PR14Q2 | Fixed in Version | 3.0PR14Q2 | |
| Merge Request Status | |
| Review Assigned To | AugustoMauch |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0025023: Security problem on the alert window |
| Description | Security problem on the alert window |
| Steps To Reproduce | Check the code |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2013-10-25 11:54 | egoitz | New Issue | |
| 2013-10-25 11:54 | egoitz | Assigned To | => AugustoMauch |
| 2013-10-25 11:54 | egoitz | Modules | => Core |
| 2013-10-25 11:54 | egoitz | OBNetwork customer | => No |
| 2013-10-25 11:54 | egoitz | Triggers an Emergency Pack | => No |
| 2014-01-07 08:33 | alostale | Target Version | => 3.0MP32 |
| 2014-01-27 07:24 | shankarb | Assigned To | AugustoMauch => shankarb |
| 2014-01-27 07:24 | shankarb | Status | new => scheduled |
| 2014-01-27 07:24 | shankarb | fix_in_branch | => pi |
| 2014-01-27 10:15 | shankarb | Issue Monitored: AugustoMauch | |
| 2014-01-27 10:15 | shankarb | Review Assigned To | => AugustoMauch |
| 2014-01-27 10:15 | shankarb | fix_in_branch | pi => |
| 2014-01-27 10:16 | hgbot | Checkin | |
| 2014-01-27 10:16 | hgbot | Note Added: 0063704 | |
| 2014-01-27 10:16 | hgbot | Status | scheduled => resolved |
| 2014-01-27 10:16 | hgbot | Resolution | open => fixed |
| 2014-01-27 10:16 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] |
| 2014-01-28 12:50 | AugustoMauch | Note Added: 0063748 | |
| 2014-01-28 12:50 | AugustoMauch | Status | resolved => new |
| 2014-01-28 12:50 | AugustoMauch | Resolution | fixed => open |
| 2014-01-29 08:38 | hgbot | Checkin | |
| 2014-01-29 08:38 | hgbot | Note Added: 0063767 | |
| 2014-01-29 08:38 | hgbot | Status | new => resolved |
| 2014-01-29 08:38 | hgbot | Resolution | open => fixed |
| 2014-01-29 08:38 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] => http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^] |
| 2014-01-30 07:34 | hgbot | Checkin | |
| 2014-01-30 07:34 | hgbot | Note Added: 0063797 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064115 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064131 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064137 | |
| 2014-02-13 15:50 | hgbot | Checkin | |
| 2014-02-13 15:50 | hgbot | Note Added: 0064229 | |
| 2014-02-13 17:10 | AugustoMauch | Note Added: 0064234 | |
| 2014-02-13 17:11 | AugustoMauch | Status | resolved => closed |
| 2014-02-13 17:11 | AugustoMauch | Fixed in Version | => 3.0MP32 |
| 2014-02-15 02:00 | hudsonbot | Checkin | |
| 2014-02-15 02:00 | hudsonbot | Note Added: 0064274 | |
|
Notes |
|
|
(0063704)
|
|
hgbot
|
|
2014-01-27 10:16
|
|
Repository: erp/devel/pi
Changeset: fcc10a50bab69688bb2d59f51addd93957ec1980
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Mon Jan 27 14:44:00 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^]
Fixes Issue 0025023: Security problem on the alert window
Allow only read only transactions when executing alerts.
---
M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---
|
|
|
|
|
|
Reopened because fix is incomplete |
|
|
|
(0063767)
|
|
hgbot
|
|
2014-01-29 08:38
|
|
Repository: erp/devel/pi
Changeset: 8392986ae06fdeb92e49f9b6436068c1c77c150e
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Wed Jan 29 13:07:07 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^]
Fixes Issue 0025023: Security problem on the alert window
Execute alerts only if it startsWith SELECT.
---
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---
|
|
|
|
(0063797)
|
|
hgbot
|
|
2014-01-30 07:34
|
|
Repository: erp/devel/pi
Changeset: 3c7807526be6c6d687563262e34d5f4ce3c56c86
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Thu Jan 30 12:02:52 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/3c7807526be6c6d687563262e34d5f4ce3c56c86 [^]
Related to Issue 25023: Added error message for alert queries
---
M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(0064229)
|
|
hgbot
|
|
2014-02-13 15:50
|
|
|
|
|
|
|
Code reviewed and verified in pi@b6dad5dc6d68 |
|
|
|
|
|