Skip to content
Sign in
Succès

Changes

Summary

  1. Bug #15018 Fix vulnerability by using a volatile per-page token and by removing useless request parameters and web controller attributes (details)
  2. Bug #15110 (details)
Commit a03530497d4b7e4ddd84a1f677914287fa2b1b44 by Miguel Moquillon
Bug #15018 Fix vulnerability by using a volatile per-page token and by removing useless request parameters and web controller attributes

In order to enforce the security while managing user domains in
Silverpeas, a specific volatile synchronization token mechanism is used.
Each time a change (id est a side-effect action) is requested, the
client must pass a token that has been specifically generated for it
before; only expected clients (web pages in the Silverpeas  backoffice)
are mandated to receive this token and the token is renew each time.

Refactor the sort order attribute as an enum in order to avoid invalid
values. Remove useless parameters and attributes in the search.
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/userCreate.jsp (diff)
The file was removedcore-war/src/main/java/org/silverpeas/web/pdc/control/SortResultsXFormWithoutPub.java
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/control/SortResults.java (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/control/SortResultsFactory.java (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/domainSQLCreate.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/userImport.jsp (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/control/PdcSearchSessionController.java (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/jobdomain/control/JobDomainPeasSessionController.java (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/servlets/PdcSearchRequestRouterHelper.java (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/groupContent.jsp (diff)
The file was modifiedcore-library/src/integration-test/resources/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was modifiedcore-configuration/src/main/config/properties/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/domainSynchro.jsp (diff)
The file was modifiedcore-web/src/integration-test/resources/org/silverpeas/index/search/searchEngineSettings.properties (diff)
The file was removedcore-war/src/main/java/org/silverpeas/web/pdc/control/Keys.java
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/groupManagers.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/removedUsers.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/usersCsvImport.jsp (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/jobdomain/servlets/JobDomainPeasRequestRouter.java (diff)
The file was addedcore-war/src/main/java/org/silverpeas/web/pdc/control/SortOrder.java
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/domainUserFilterManagement.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/groupCreate.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/usersWithSensitiveData.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/groupImport.jsp (diff)
The file was modifiedcore-war/src/main/webapp/pdcPeas/jsp/globalResult.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/domainContent.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/domainCreate.jsp (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/servlets/PdcSearchRequestRouter.java (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/deletedUsers.jsp (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/removedGroups.jsp (diff)
The file was modifiedcore-web/src/main/resources/META-INF/viewGenerator.tld (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/jobDomain.jsp (diff)
The file was modifiedcore-war/src/main/webapp/pdcPeas/jsp/globalSearchXML.jsp (diff)
The file was modifiedcore-war/src/main/webapp/selection/jsp/userpanel.jsp (diff)
The file was modifiedcore-war/src/main/java/org/silverpeas/web/pdc/control/DefaultSortResults.java (diff)
The file was modifiedcore-war/src/main/webapp/jobDomainPeas/jsp/userContent.jsp (diff)
Commit 796930a5dd35251f539b7fab46b21c3ad0534cf2 by Miguel Moquillon
Bug #15110

When qualifying the reported issue, I found the status of a user (in his
profile) wasn't correctly escaped when rendering by one of his contacts.
I fixed then this.
The file was modifiedcore-war/src/main/webapp/socialNetwork/jsp/myProfil/myProfile.jsp (diff)
The file was modifiedcore-war/src/main/webapp/socialNetwork/jsp/myContactProfil/myContactProfile.jsp (diff)

Summary

  1. Fix support #15091 (details)
  2. For Quality Gate (details)
  3. Bug #15125 (details)
  4. Bug #15153 (details)
  5. Bug #15115 (details)
  6. bug #15156 : Updating end date of the project can provoke a without-end loop. (details)
  7. bug #15063 : The images inside of a wysiwyg field content is now well managed (URL changed with the new attachmentId and new app Id) (details)
Commit 3439e68a8a12b2d0f974c2778af24a731e96a02c by Miguel Moquillon
Fix support #15091

Buttons displayed was not screened good
The file was modifiedprocessManager/processManager-war/src/main/webapp/processManager/jsp/styleSheets/processManager.css (diff)
Commit 055317e158f079161e658d836993cb2c2dfd4d80 by Miguel Moquillon
For Quality Gate

Unexpected shorthand "background" after "background-color"
The file was modifiedprocessManager/processManager-war/src/main/webapp/processManager/jsp/styleSheets/processManager.css (diff)
Commit ed4d1ddcda9a5a621549ccda6dba79d6c3608431 by Miguel Moquillon
Bug #15125

The publications weren't really sorted. This is now fixed. Keep track
also of the sorting rule chosen by the user.
The file was modifiedkmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/servlets/AjaxPublicationsListServlet.java (diff)
The file was modifiedkmelia/kmelia-war/src/main/webapp/kmelia/jsp/publicationLinksManager.jsp (diff)
Commit eac1d1239009403411a0b5548ae435a7c069209a by Miguel Moquillon
Bug #15153
Bug #15146

When notifying subscribers about the creation of a new classified, the
concerned subscribers are fetched according to the component instance
for which the subscription has been done.

Sort the list of values for each fields targeted by a subscription
before rendering them.
The file was modifiedclassifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/service/DefaultClassifiedService.java (diff)
The file was modifiedclassifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/SubscriptionFieldValue.java (diff)
The file was modifiedclassifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/dao/ClassifiedsDAO.java (diff)
The file was modifiedclassifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/SubscriptionField.java (diff)
The file was modifiedclassifieds/classifieds-library/src/main/java/org/silverpeas/components/classifieds/service/ClassifiedService.java (diff)
The file was modifiedclassifieds/classifieds-war/src/main/java/org/silverpeas/components/classifieds/servlets/FunctionHandler.java (diff)
Commit 9bccebda87564c972cf3657e12c1d11babfd994e by Miguel Moquillon
Bug #15115

The ui-resizable-handle needs an Id contained kmelia  to appear
The file was modifiedkmelia/kmelia-war/src/main/webapp/kmelia/jsp/treeview.jsp (diff)
Commit d93969b6a4eba8c85f5bc5f1ca631a3498e4a856 by Miguel Moquillon
bug #15156 : Updating end date of the project can provoke a without-end loop.
The file was modifiedprojectManager/projectManager-library/src/main/java/org/silverpeas/components/projectmanager/service/DefaultProjectManagerService.java (diff)
Commit ab52b7ad048aea0a3598bd575bca5eaec81ee923 by Miguel Moquillon
bug #15063 : The images inside of a wysiwyg field content is now well managed (URL changed with the new attachmentId and new app Id)
The file was modifiedkmelia/kmelia-library/src/main/java/org/silverpeas/components/kmelia/workflowextensions/SendInKmelia.java (diff)

Summary

  1. Bug #15118 Fix bug by redefining with var the scope of the (details)
Commit b4a36b812006efd7731b463e8324ad58ff5889dd by Miguel Moquillon
Bug #15118 Fix bug by redefining with var the scope of the
searchEngineScope, directoryScope and searchScope variables.
The file was modifiedaurora/aurora-war/src/main/webapp/look/jsp/TopBar.jsp (diff)

Summary

  1. feature #15131 : activation of a planned compacting task during execution (details)
Commit c77a8f4682d539408137ee00de16eb9a275829aa by David Lesimple
feature #15131 : activation of a planned compacting task during execution
The file was modifiedsrc/main/dist/configuration/silverpeas/resources/silverpeas-oak.properties (diff)