0029157: code review issues for Process Definition Reporting Tool project

Notes
(0075231) hgbot (developer) 2015-03-06 10:48	Repository: erp/devel/pi Changeset: d8ec9347e127febd5961acedac70ff0cfe52e5b6 Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Fri Mar 06 08:51:40 2015 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/d8ec9347e127febd5961acedac70ff0cfe52e5b6 [^] fixed issue 29157: code review issues for Process Definition Reporting Tool Fixes include: * Security: prevent traversal attack. BaseReportActionHandler could be invoked to download any file in the system. Fixed by: - Now it only accepts file name instead of full path, looking for this file in the temporary directory. - Filename is parsed to ensure it is a valid generated jasper file name, preventing in this manner downloads of any arbitrary file in the temporary directory. * ReportSemaphoreHandling changes: - Modified to make use of standard java.util.concurrent.Semaphore implementation rather than implementing its own semaphore. - Property to read maximum number of concurrent executions is read on initialization instead of when acquiring. This way acquisition is faster. * When a Jasper report is generated with a virtualizer, it's finally cleaned up. * When downloading a report, temporary file is deleted on a finally block to ensure deletion even on failure. * Changes in javadoc to fix some typos + prevent undocumented parameters. * Defensive coding: when generating/downloading a report, don't assume if type is not pdf then it is xls, but do check all the types and raise an exception in case of unsupported type. * UI: in process definition window, don't show Can Add Records flag for process definitions of type report --- M modules/org.openbravo.client.application/src-db/database/sourcedata/AD_FIELD.xml M modules/org.openbravo.client.application/src/org/openbravo/client/application/report/BaseReportActionHandler.java M modules/org.openbravo.client.application/src/org/openbravo/client/application/report/ReportSemaphoreHandling.java M modules/org.openbravo.client.application/src/org/openbravo/client/application/report/ReportingUtils.java M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/utilities/ob-utilities-action-def.js ---

(0075299) AugustoMauch (manager) 2015-03-09 11:00	Code reviewed and verified in pi@b9fc7e8e60ae

(0075330) hudsonbot (developer) 2015-03-09 17:49	A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ef8a16dd11b3 [^] Maturity status: Test

Issue History
Date Modified	Username	Field	Change
2015-03-06 08:38	alostale	New Issue
2015-03-06 08:38	alostale	Assigned To	=> alostale
2015-03-06 08:38	alostale	Modules	=> Core
2015-03-06 08:38	alostale	Triggers an Emergency Pack	=> No
2015-03-06 08:38	alostale	Relationship added	related to 0026763
2015-03-06 08:46	alostale	Description Updated	View Revisions
2015-03-06 10:48	hgbot	Checkin
2015-03-06 10:48	hgbot	Note Added: 0075231
2015-03-06 10:48	hgbot	Status	new => resolved
2015-03-06 10:48	hgbot	Resolution	open => fixed
2015-03-06 10:48	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/devel/pi/rev/d8ec9347e127febd5961acedac70ff0cfe52e5b6 [^]
2015-03-09 09:29	alostale	Review Assigned To	=> AugustoMauch
2015-03-09 11:00	AugustoMauch	Note Added: 0075299
2015-03-09 11:00	AugustoMauch	Status	resolved => closed
2015-03-09 11:00	AugustoMauch	Fixed in Version	=> 3.0PR15Q2
2015-03-09 17:49	hudsonbot	Checkin
2015-03-09 17:49	hudsonbot	Note Added: 0075330
2015-03-30 10:45	alostale	Relationship added	causes 0029441