0025023: Security problem on the alert window - Openbravo Issue Tracking System

(0063704)
hgbot (developer)
2014-01-27 10:16

Repository: erp/devel/pi
Changeset: fcc10a50bab69688bb2d59f51addd93957ec1980
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Mon Jan 27 14:44:00 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^]

Fixes Issue 0025023: Security problem on the alert window

Allow only read only transactions when executing alerts.

---
M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---

(0063748)
AugustoMauch (administrator)
2014-01-28 12:50

Reopened because fix is incomplete

(0063767)
hgbot (developer)
2014-01-29 08:38

Repository: erp/devel/pi
Changeset: 8392986ae06fdeb92e49f9b6436068c1c77c150e
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Wed Jan 29 13:07:07 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^]

Fixes Issue 0025023: Security problem on the alert window

Execute alerts only if it startsWith SELECT.

---
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---

(0063797)
hgbot (developer)
2014-01-30 07:34

Repository: erp/devel/pi
Changeset: 3c7807526be6c6d687563262e34d5f4ce3c56c86
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Thu Jan 30 12:02:52 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/3c7807526be6c6d687563262e34d5f4ce3c56c86 [^]

Related to Issue 25023: Added error message for alert queries

---
M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java
M src/org/openbravo/erpCommon/ad_process/AlertProcess.java
---

(0064115)
hudsonbot (viewer)
2014-02-12 18:29

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^]
Maturity status: Test

(0064131)
hudsonbot (viewer)
2014-02-12 18:29

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^]
Maturity status: Test

(0064137)
hudsonbot (viewer)
2014-02-12 18:29

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^]
Maturity status: Test

(0064229)
hgbot (developer)
2014-02-13 15:50

Repository: erp/devel/pi
Changeset: e2e4ee24620210d87432677c04434577ba5bdcbb
Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com>
Date: Thu Feb 13 20:19:32 2014 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/e2e4ee24620210d87432677c04434577ba5bdcbb [^]

Related to Issue 0025023: Added missing message definition.

---
M src-db/database/sourcedata/AD_MESSAGE.xml
---

(0064234)
AugustoMauch (administrator)
2014-02-13 17:10

Code reviewed and verified in pi@b6dad5dc6d68

(0064274)
hudsonbot (viewer)
2014-02-15 02:00

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/90b0b23defc9 [^]
Maturity status: Test

Issue History
Date Modified	Username	Field	Change
2013-10-25 11:54	egoitz	New Issue
2013-10-25 11:54	egoitz	Assigned To	=> AugustoMauch
2013-10-25 11:54	egoitz	Modules	=> Core
2013-10-25 11:54	egoitz	OBNetwork customer	=> No
2013-10-25 11:54	egoitz	Triggers an Emergency Pack	=> No
2014-01-07 08:33	alostale	Target Version	=> 3.0MP32
2014-01-27 07:24	shankarb	Assigned To	AugustoMauch => shankarb
2014-01-27 07:24	shankarb	Status	new => scheduled
2014-01-27 07:24	shankarb	fix_in_branch	=> pi
2014-01-27 10:15	shankarb	Issue Monitored: AugustoMauch
2014-01-27 10:15	shankarb	Review Assigned To	=> AugustoMauch
2014-01-27 10:15	shankarb	fix_in_branch	pi =>
2014-01-27 10:16	hgbot	Checkin
2014-01-27 10:16	hgbot	Note Added: 0063704
2014-01-27 10:16	hgbot	Status	scheduled => resolved
2014-01-27 10:16	hgbot	Resolution	open => fixed
2014-01-27 10:16	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^]
2014-01-28 12:50	AugustoMauch	Note Added: 0063748
2014-01-28 12:50	AugustoMauch	Status	resolved => new
2014-01-28 12:50	AugustoMauch	Resolution	fixed => open
2014-01-29 08:38	hgbot	Checkin
2014-01-29 08:38	hgbot	Note Added: 0063767
2014-01-29 08:38	hgbot	Status	new => resolved
2014-01-29 08:38	hgbot	Resolution	open => fixed
2014-01-29 08:38	hgbot	Fixed in SCM revision	http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] => http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^]
2014-01-30 07:34	hgbot	Checkin
2014-01-30 07:34	hgbot	Note Added: 0063797
2014-02-12 18:29	hudsonbot	Checkin
2014-02-12 18:29	hudsonbot	Note Added: 0064115
2014-02-12 18:29	hudsonbot	Checkin
2014-02-12 18:29	hudsonbot	Note Added: 0064131
2014-02-12 18:29	hudsonbot	Checkin
2014-02-12 18:29	hudsonbot	Note Added: 0064137
2014-02-13 15:50	hgbot	Checkin
2014-02-13 15:50	hgbot	Note Added: 0064229
2014-02-13 17:10	AugustoMauch	Note Added: 0064234
2014-02-13 17:11	AugustoMauch	Status	resolved => closed
2014-02-13 17:11	AugustoMauch	Fixed in Version	=> 3.0MP32
2014-02-15 02:00	hudsonbot	Checkin
2014-02-15 02:00	hudsonbot	Note Added: 0064274

Notes
(0063704) hgbot (developer) 2014-01-27 10:16	Repository: erp/devel/pi Changeset: fcc10a50bab69688bb2d59f51addd93957ec1980 Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Mon Jan 27 14:44:00 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] Fixes Issue 0025023: Security problem on the alert window Allow only read only transactions when executing alerts. --- M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java M src/org/openbravo/erpCommon/ad_process/AlertProcess.java ---

(0063748) AugustoMauch (administrator) 2014-01-28 12:50	Reopened because fix is incomplete

(0063767) hgbot (developer) 2014-01-29 08:38	Repository: erp/devel/pi Changeset: 8392986ae06fdeb92e49f9b6436068c1c77c150e Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Wed Jan 29 13:07:07 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^] Fixes Issue 0025023: Security problem on the alert window Execute alerts only if it startsWith SELECT. --- M src/org/openbravo/erpCommon/ad_process/AlertProcess.java ---

(0063797) hgbot (developer) 2014-01-30 07:34	Repository: erp/devel/pi Changeset: 3c7807526be6c6d687563262e34d5f4ce3c56c86 Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Thu Jan 30 12:02:52 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/3c7807526be6c6d687563262e34d5f4ce3c56c86 [^] Related to Issue 25023: Added error message for alert queries --- M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java M src/org/openbravo/erpCommon/ad_process/AlertProcess.java ---

(0064115) hudsonbot (viewer) 2014-02-12 18:29	A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test

(0064131) hudsonbot (viewer) 2014-02-12 18:29	A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test

(0064137) hudsonbot (viewer) 2014-02-12 18:29	A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test

(0064229) hgbot (developer) 2014-02-13 15:50	Repository: erp/devel/pi Changeset: e2e4ee24620210d87432677c04434577ba5bdcbb Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Thu Feb 13 20:19:32 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/e2e4ee24620210d87432677c04434577ba5bdcbb [^] Related to Issue 0025023: Added missing message definition. --- M src-db/database/sourcedata/AD_MESSAGE.xml ---

(0064234) AugustoMauch (administrator) 2014-02-13 17:10	Code reviewed and verified in pi@b6dad5dc6d68

(0064274) hudsonbot (viewer) 2014-02-15 02:00	A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/90b0b23defc9 [^] Maturity status: Test

Relationships [ Relation Graph ] [ Dependency Graph ]