Success

Changes

Summary

  1. Bug #15018 Fix vulnerability by using a volatile per-page token and by removing useless request parameters and web controller attributes (details)
  2. Fix Bug #15117 (details)
  3. Bug #15110 (details)
Commit 27fda6c27963ac87a29322833a2219b1f546070c by Miguel Moquillon
Bug #15018 Fix vulnerability by using a volatile per-page token and by removing useless request parameters and web controller attributes

In order to enforce the security while managing user domains in
Silverpeas, a specific volatile synchronization token mechanism is used.
Each time a change (id est a side-effect action) is requested, the
client must pass a token that has been specifically generated for it
before; only expected clients (web pages in the Silverpeas backoffice)
are mandated to receive this token and the token is renewed each time.

Refactor the sort order attribute as an enum in order to avoid invalid
values. Remove useless parameters and attributes in the search.
The file was modified core-war/src/main/java/org/silverpeas/web/jobdomain/control/JobDomainPeasSessionController.java (diff)
The file was modified core-library/src/integration-test/resources/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/control/PdcSearchSessionController.java (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/removedUsers.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/servlets/PdcSearchRequestRouter.java (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/usersCsvImport.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/domainContent.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/removedGroups.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/userCreate.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/jobDomain.jsp (diff)
The file was added core-war/src/main/java/org/silverpeas/web/pdc/control/SortOrder.java
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/usersWithSensitiveData.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/control/DefaultSortResults.java (diff)
The file was modified core-web/src/integration-test/resources/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was removed core-war/src/main/java/org/silverpeas/web/pdc/control/SortResultsXFormWithoutPub.java
The file was modified core-war/src/main/webapp/pdcPeas/jsp/globalSearchXML.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/domainCreate.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/groupImport.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/groupCreate.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/servlets/PdcSearchRequestRouterHelper.java (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/deletedUsers.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/jobdomain/servlets/JobDomainPeasRequestRouter.java (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/userImport.jsp (diff)
The file was modified core-war/src/main/webapp/pdcPeas/jsp/globalResult.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/domainSQLCreate.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/control/SortResults.java (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/userContent.jsp (diff)
The file was removed core-war/src/main/java/org/silverpeas/web/pdc/control/Keys.java
The file was modified core-war/src/main/webapp/selection/jsp/userpanel.jsp (diff)
The file was modified core-war/src/main/java/org/silverpeas/web/pdc/control/SortResultsFactory.java (diff)
The file was modified core-configuration/src/main/config/properties/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was modified core-web/src/main/resources/META-INF/viewGenerator.tld (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/domainSynchro.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/domainUserFilterManagement.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/groupContent.jsp (diff)
The file was modified core-war/src/main/webapp/jobDomainPeas/jsp/groupManagers.jsp (diff)
Commit 951773b7db54d7f57de79312d487080c815a3872 by Miguel Moquillon
Fix Bug #15117

Just a little visual bug impacted by the cleaning made during the fix of Feature #14695
The file was modified core-war/src/main/webapp/style.css (diff)
Commit 487c4192d16720705e7f757e027cd54f1ee67042 by Miguel Moquillon
Bug #15110

When qualifying the reported issue, I found the status of a user (in his
profile) wasn't correctly escaped when rendered by one of his contacts.
I then fixed this.
The file was modified core-war/src/main/webapp/socialNetwork/jsp/myProfil/myProfile.jsp (diff)
The file was modified core-war/src/main/webapp/socialNetwork/jsp/myContactProfil/myContactProfile.jsp (diff)

Summary

  1. Fix support #15091 for master (details)
  2. Bug #15125 (details)
  3. Bug #15153 (details)
  4. Fix Bug #15115 (details)
  5. Bug#15115 (details)
  6. bug #15156 : Updating end date of the project can provoke an endless loop. (details)
  7. bug #15063 : The images inside of a wysiwyg field content are now well managed (URL changed with the new attachmentId and new app Id) (details)
Commit b2a8ce5b032822b2da16e6627b72f066c6a4504b by Miguel Moquillon
Fix support #15091 for master

Buttons displayed were not screened well
The file was modified processManager/processManager-war/src/main/webapp/processManager/jsp/styleSheets/processManager.css (diff)
Commit 36c4cf86fcfaa838292acbf86e3e72737556a5a4 by Miguel Moquillon
Bug #15125

The publications weren't really sorted. This is now fixed. Keep track
also of the sorting rule chosen by the user.
The file was modified kmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/servlets/AjaxPublicationsListServlet.java (diff)
The file was modified kmelia/kmelia-war/src/main/webapp/kmelia/jsp/publicationLinksManager.jsp (diff)
Commit 116cd9ceb777decb0b3b89d7e29a8929c4d916a3 by Miguel Moquillon
Bug #15153
Bug #15146

When notifying subscribers about the creation of a new classified, the
concerned subscribers are fetched according to the component instance
for which the subscription has been done.

Sort the list of values for each field targeted by a subscription
before rendering them.
The file was modified classifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/service/ClassifiedService.java (diff)
The file was modified classifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/SubscriptionFieldValue.java (diff)
The file was modified classifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/FunctionHandler.java (diff)
The file was modified classifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/SubscriptionField.java (diff)
The file was modified classifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/service/DefaultClassifiedService.java (diff)
The file was modified classifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/dao/ClassifiedsDAO.java (diff)
Commit 20aaa37bc131784dfe214d130b549dc44080c085 by Miguel Moquillon
Fix Bug #15115

The ui-resizable-handle needs an Id containing kmelia to appear
The file was modified kmelia/kmelia-war/src/main/webapp/kmelia/jsp/treeview.jsp (diff)
Commit 442be4871354157a9a3d5a91ab46fd822bc78f73 by Miguel Moquillon
Bug#15115

fix a mistake from the first commit
The file was modified kmelia/kmelia-war/src/main/webapp/kmelia/jsp/treeview.jsp (diff)
Commit bb8cd9dc9432c291be23633b70585b15d33d0418 by Miguel Moquillon
bug #15156 : Updating end date of the project can provoke an endless loop.
The file was modified projectManager/projectManager-library/src/main/java/org/silverpeas/components/projectmanager/service/DefaultProjectManagerService.java (diff)
Commit f3fb638d629962ec53239bb492a47222678e3e3e by Miguel Moquillon
bug #15063 : The images inside of a wysiwyg field content are now well managed (URL changed with the new attachmentId and new app Id)
The file was modified kmelia/kmelia-library/src/main/java/org/silverpeas/components/kmelia/workflowextensions/SendInKmelia.java (diff)

Summary

  1. Bug #15118 Fix bug by redefining with var the scope of the (details)
Commit 82ba28a74d13990c559c4765e2303985a83d4a10 by Miguel Moquillon
Bug #15118 Fix bug by redefining with var the scope of the
searchEngineScope, directoryScope and searchScope variables.
The file was modified aurora/aurora-war/src/main/webapp/look/jsp/TopBar.jsp (diff)

Summary

  1. feature #15131 : activation of a planned compacting task during execution (details)
Commit 8e89657aaa48c2dc94feb8ff2cccf377369fe299 by David Lesimple
feature #15131 : activation of a planned compacting task during execution
The file was modified src/main/dist/configuration/silverpeas/resources/silverpeas-oak.properties (diff)