Thu, 17 Mar 2016 16:38:41 +0100[pi-security-hqlinjection] The warn and exception messages improved
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 17 Mar 2016 16:38:41 +0100] rev 29007
[pi-security-hqlinjection] The warn and exception messages improved

The warning message and the exception message are now translatable and
they add more context info.

Thu, 17 Mar 2016 10:57:17 +0100[pi-security-hqlinjection] Changed the name of the parameter for the implicit filter
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 17 Mar 2016 10:57:17 +0100] rev 29006
[pi-security-hqlinjection] Changed the name of the parameter for the implicit filter

The parameter was firstly called isFilterApplied, that was not a good name, so the
name has been changed to isImplicitFilterApplied.

Wed, 16 Mar 2016 17:56:24 +0100[pi-security-hqlinjection] _where=null supported
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 16 Mar 2016 17:56:24 +0100] rev 29005
[pi-security-hqlinjection] _where=null supported

Having a _where parameter with null values does not raise an error anymore.
If there is a _where parameter that is null, the where clause will be computed
the same way as when there is not any _where parameter.

Wed, 16 Mar 2016 12:30:36 +0100[pi-security-hqlinjection] The getWhereClause method used again
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 16 Mar 2016 12:30:36 +0100] rev 29004
[pi-security-hqlinjection] The getWhereClause method used again

Previously, the getWhereClause method that was used by the manual datasources
to append the where clause defined in the datasource to the where clause of the tab
was removed.
This has been fixed by adding the logic to get that where clause and to append it.

Tue, 15 Mar 2016 18:41:03 +0100[pi-security-hqlinjection] Fixed some incorrect behaviors at the boundaries
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 15 Mar 2016 18:41:03 +0100] rev 29003
[pi-security-hqlinjection] Fixed some incorrect behaviors at the boundaries

In the DataSourceServlet class, if the "filterClass" variable was hardcoded to null,
the selector filter was never done and the selectors showed too many registers.

In the DefaultDataSourceService class, in the addFetchParameters method, there was
a condition which checked if it was a selector or not and if it was not a selector, all
the logic which handles the whereClause was done. The problem was that it was possible to
send a selector parameter to jump over all the functionality and inject any wanted where.

These two cases have been fixed by creating a new parameter called "WHERE_CLAUSE_HAS_BEEN_CHECKED".
This parameter is first initialized to false in the "DataSourceServlet" and after that, if
the where is set or just checked in the "SelectorDataSourceFilter" class, it is set to true.
After, in the DefaultDataSourceService, a condition has been added. If this parameter has the
value set to "true", then it means that it is a Selector and the where clause has been set and
checked in the "SelectorDataSourceFilter", so it is not neccessary to do all the chekcs again.

This fixes the two incorrect behaviors because now, if the "filterClass" variable is set to null,
the logic of the "DefaultDataSourceService" is executed.

Tue, 15 Mar 2016 16:20:09 +0100[pi-security-hqlinjection] Change a comment
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 15 Mar 2016 16:20:09 +0100] rev 29002
[pi-security-hqlinjection] Change a comment

A comment has been changed.

Tue, 15 Mar 2016 11:17:17 +0100[pi-security-hqlinjection] Use of ADCS to get tab
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 15 Mar 2016 11:17:17 +0100] rev 29001
[pi-security-hqlinjection] Use of ADCS to get tab

In the BaseDataSourceService, the tab is now get by using ApplicationDictionaryCachedStructures.
The table id of the method "getFilterClause" is now obtained using the proxy inside the "tab" instance.

Mon, 14 Mar 2016 17:22:32 +0100[pi-security-hqlinjection] Removed unnecessary methods
Naroa Iriarte <naroa.iriarte@openbravo.com> [Mon, 14 Mar 2016 17:22:32 +0100] rev 29000
[pi-security-hqlinjection] Removed unnecessary methods

The getFilterClause and addTransactionalFilter methods of the OBViewGridComponent
class have been removed because they are not necessary anymore.

Mon, 14 Mar 2016 16:31:36 +0100[pi-security-hqlinjection] Changed a method of OB-grid
Naroa Iriarte <naroa.iriarte@openbravo.com> [Mon, 14 Mar 2016 16:31:36 +0100] rev 28999
[pi-security-hqlinjection] Changed a method of OB-grid

Changed the method "isFilterClauseApplied" of the ob-grid.js

Mon, 14 Mar 2016 15:45:43 +0100[pi-security-hqlinjection] Change the name of a method
Naroa Iriarte <naroa.iriarte@openbravo.com> [Mon, 14 Mar 2016 15:45:43 +0100] rev 28998
[pi-security-hqlinjection] Change the name of a method

The method which was the one used by the ftl to set the isFilter
boolean variable was not correctly named. The name was "getHasFielterClause"
and, as it is a method that returns a boolean, the correct name is
"isHasFilterClause".