Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0025023 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | critical | have not tried | 2013-10-25 11:54 | 2014-02-15 02:00 | |||
| Reporter | egoitz | View Status | public | |||||
| Assigned To | shankarb | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | 3.0PR14Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 8392986ae06f | ||||
| Projection | none | ETA | none | Target Version | 3.0PR14Q2 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | AugustoMauch | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0025023: Security problem on the alert window | |||||||
| Description | Security problem on the alert window | |||||||
| Steps To Reproduce | Check the code | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0063704) hgbot (developer) 2014-01-27 10:16 |
Repository: erp/devel/pi Changeset: fcc10a50bab69688bb2d59f51addd93957ec1980 Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Mon Jan 27 14:44:00 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] Fixes Issue 0025023: Security problem on the alert window Allow only read only transactions when executing alerts. --- M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java M src/org/openbravo/erpCommon/ad_process/AlertProcess.java --- |
|
(0063748) AugustoMauch (manager) 2014-01-28 12:50 |
Reopened because fix is incomplete |
|
(0063767) hgbot (developer) 2014-01-29 08:38 |
Repository: erp/devel/pi Changeset: 8392986ae06fdeb92e49f9b6436068c1c77c150e Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Wed Jan 29 13:07:07 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^] Fixes Issue 0025023: Security problem on the alert window Execute alerts only if it startsWith SELECT. --- M src/org/openbravo/erpCommon/ad_process/AlertProcess.java --- |
|
(0063797) hgbot (developer) 2014-01-30 07:34 |
Repository: erp/devel/pi Changeset: 3c7807526be6c6d687563262e34d5f4ce3c56c86 Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Thu Jan 30 12:02:52 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/3c7807526be6c6d687563262e34d5f4ce3c56c86 [^] Related to Issue 25023: Added error message for alert queries --- M src/org/openbravo/erpCommon/ad_callouts/SL_AlertRule_SQL.java M src/org/openbravo/erpCommon/ad_process/AlertProcess.java --- |
|
(0064115) hudsonbot (developer) 2014-02-12 18:29 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test |
|
(0064131) hudsonbot (developer) 2014-02-12 18:29 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test |
|
(0064137) hudsonbot (developer) 2014-02-12 18:29 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/d1a5bb862230 [^] Maturity status: Test |
|
(0064229) hgbot (developer) 2014-02-13 15:50 |
Repository: erp/devel/pi Changeset: e2e4ee24620210d87432677c04434577ba5bdcbb Author: Shankar Balachandran <shankar.balachandran <at> openbravo.com> Date: Thu Feb 13 20:19:32 2014 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/e2e4ee24620210d87432677c04434577ba5bdcbb [^] Related to Issue 0025023: Added missing message definition. --- M src-db/database/sourcedata/AD_MESSAGE.xml --- |
|
(0064234) AugustoMauch (manager) 2014-02-13 17:10 |
Code reviewed and verified in pi@b6dad5dc6d68 |
|
(0064274) hudsonbot (developer) 2014-02-15 02:00 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/90b0b23defc9 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2013-10-25 11:54 | egoitz | New Issue | |
| 2013-10-25 11:54 | egoitz | Assigned To | => AugustoMauch |
| 2013-10-25 11:54 | egoitz | Modules | => Core |
| 2013-10-25 11:54 | egoitz | Triggers an Emergency Pack | => No |
| 2014-01-07 08:33 | alostale | Target Version | => 3.0MP32 |
| 2014-01-27 07:24 | shankarb | Assigned To | AugustoMauch => shankarb |
| 2014-01-27 07:24 | shankarb | Status | new => scheduled |
| 2014-01-27 07:24 | shankarb | fix_in_branch | => pi |
| 2014-01-27 10:15 | shankarb | Issue Monitored: AugustoMauch | |
| 2014-01-27 10:15 | shankarb | Review Assigned To | => AugustoMauch |
| 2014-01-27 10:15 | shankarb | fix_in_branch | pi => |
| 2014-01-27 10:16 | hgbot | Checkin | |
| 2014-01-27 10:16 | hgbot | Note Added: 0063704 | |
| 2014-01-27 10:16 | hgbot | Status | scheduled => resolved |
| 2014-01-27 10:16 | hgbot | Resolution | open => fixed |
| 2014-01-27 10:16 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] |
| 2014-01-28 12:50 | AugustoMauch | Note Added: 0063748 | |
| 2014-01-28 12:50 | AugustoMauch | Status | resolved => new |
| 2014-01-28 12:50 | AugustoMauch | Resolution | fixed => open |
| 2014-01-29 08:38 | hgbot | Checkin | |
| 2014-01-29 08:38 | hgbot | Note Added: 0063767 | |
| 2014-01-29 08:38 | hgbot | Status | new => resolved |
| 2014-01-29 08:38 | hgbot | Resolution | open => fixed |
| 2014-01-29 08:38 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/fcc10a50bab69688bb2d59f51addd93957ec1980 [^] => http://code.openbravo.com/erp/devel/pi/rev/8392986ae06fdeb92e49f9b6436068c1c77c150e [^] |
| 2014-01-30 07:34 | hgbot | Checkin | |
| 2014-01-30 07:34 | hgbot | Note Added: 0063797 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064115 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064131 | |
| 2014-02-12 18:29 | hudsonbot | Checkin | |
| 2014-02-12 18:29 | hudsonbot | Note Added: 0064137 | |
| 2014-02-13 15:50 | hgbot | Checkin | |
| 2014-02-13 15:50 | hgbot | Note Added: 0064229 | |
| 2014-02-13 17:10 | AugustoMauch | Note Added: 0064234 | |
| 2014-02-13 17:11 | AugustoMauch | Status | resolved => closed |
| 2014-02-13 17:11 | AugustoMauch | Fixed in Version | => 3.0MP32 |
| 2014-02-15 02:00 | hudsonbot | Checkin | |
| 2014-02-15 02:00 | hudsonbot | Note Added: 0064274 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |