Mon, 14 Mar 2016 09:47:53 +0100[pi-security-hqlinjection] The warn message was shown too many times
Naroa Iriarte <naroa.iriarte@openbravo.com> [Mon, 14 Mar 2016 09:47:53 +0100] rev 28997
[pi-security-hqlinjection] The warn message was shown too many times

In the Selectors, the warn message in the log was shown two times in the case of having _where and the
preference set to "Yes". This was like this because inside a private method of the class SelectorDataSourceFilter
the preference's value is checked but the warning was thrown and that was not necessary at that point because
it has been thrown previously also.

Fri, 11 Mar 2016 20:37:55 +0100[pi-security-hqlinjection] Refactor of the code which evaluates the preference
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 11 Mar 2016 20:37:55 +0100] rev 28996
[pi-security-hqlinjection] Refactor of the code which evaluates the preference

Refactor of the code which evaluates the preference value of the allow where parameter
preference for the non selector items. Now it is better placed because it does not depend
on the tabId sent by the client, before it did.

Fri, 11 Mar 2016 19:20:58 +0100[pi-security-hqlinjection] Unneeded brackets removed
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 11 Mar 2016 19:20:58 +0100] rev 28995
[pi-security-hqlinjection] Unneeded brackets removed

Unneeded brackets removed from a condition in the DefaultJsonDataService class.

Fri, 11 Mar 2016 19:18:06 +0100[pi-security-hqlinjection] Updated the copyright year
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 11 Mar 2016 19:18:06 +0100] rev 28994
[pi-security-hqlinjection] Updated the copyright year

The year of the copyright of some classes has been updated.

Thu, 10 Mar 2016 16:53:56 +0100[pi-security-hqlinjection] Javadoc added to the addFecthParameters method
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 16:53:56 +0100] rev 28993
[pi-security-hqlinjection] Javadoc added to the addFecthParameters method

A javadoc has been added to the addFecthParameters method because now it is
part of the API.

Thu, 10 Mar 2016 14:35:33 +0100[pi-security-hqlinjection] Fixed the way of throwing obsecurity exceptions
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 14:35:33 +0100] rev 28992
[pi-security-hqlinjection] Fixed the way of throwing obsecurity exceptions

The OBSecurityExceptions in the SelectorDataSourceFilter and DataSourceServlet classes
are no longer wrapped inside the same type, now, there are just thrown.

Thu, 10 Mar 2016 10:45:23 +0100[pi-security-hqlinjection] Removed an unused entity variable
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 10:45:23 +0100] rev 28991
[pi-security-hqlinjection] Removed an unused entity variable

The unused entity variable of the ADAlertDataSourceService has been removed.

Thu, 10 Mar 2016 10:38:39 +0100[pi-security-hqlinjection] Fixed the unneeded if nesting
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 10:38:39 +0100] rev 28990
[pi-security-hqlinjection] Fixed the unneeded if nesting

There was an uneeded if nesting in the BDSS.getWhereAndFilterClause method.
It has been fixed by using an else if.

Thu, 10 Mar 2016 10:17:18 +0100[pi-security-hqlinjection] Fixed the setAdminMode in the BDSS
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 10:17:18 +0100] rev 28989
[pi-security-hqlinjection] Fixed the setAdminMode in the BDSS

The OBContext.setAdminMode(false) has been changed to OBContext.setAdminMode(true) because
in the case of the OBDal.getInstance().get(...) the client and organization filters are not
applied, so it works fine with true and it is more restrictive so, it has been changed to true.

Thu, 10 Mar 2016 09:47:03 +0100[pi-security-hqlinjection] An informative comment added
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 10 Mar 2016 09:47:03 +0100] rev 28988
[pi-security-hqlinjection] An informative comment added

An informative comment about the WHERE_AND_FILTER_CLAUSE constant has been added.
It was not intuitive why the constant was cleaned up. This is done because this is
the constant that will contain the where and filter clause and it must be empty at this
poin because the where and filter clauses will be set and stored there after.

Wed, 09 Mar 2016 17:12:05 +0100[pi-security-hqlinjection] The repeated constants have been reused
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 09 Mar 2016 17:12:05 +0100] rev 28987
[pi-security-hqlinjection] The repeated constants have been reused

There where some contants that where repeated in the BaseDataSourceService and in
the SelectorDataSourceFilter classes. Now two of them are centralized in the
DefaultDataSourceService class and they are statically called.

Wed, 09 Mar 2016 16:46:00 +0100[pi-security-hqlinjection] The "Allow_Where_Parameter" constant reused
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 09 Mar 2016 16:46:00 +0100] rev 28986
[pi-security-hqlinjection] The "Allow_Where_Parameter" constant reused

Tha "Allow_where_parameter" constant of CachedPreference, has been reused
in the BaseDataSourceService class.

Wed, 09 Mar 2016 16:23:32 +0100[pi-security-hqlinjection] Unneeded brackets removed from BDSS
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 09 Mar 2016 16:23:32 +0100] rev 28985
[pi-security-hqlinjection] Unneeded brackets removed from BDSS

In the return statement of the BaseDataSourceService.isTransactionalFilterApplied
the unneeded brackets have been removed.

Wed, 09 Mar 2016 16:08:01 +0100[pi-security-hqlinjection] DJDS isRootTab method has been improved
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 09 Mar 2016 16:08:01 +0100] rev 28984
[pi-security-hqlinjection] DJDS isRootTab method has been improved

The method isRootTab of the DefaultJsonDataService has been modified.

Wed, 09 Mar 2016 14:04:47 +0100[pi-security-hqlinjection] A method of DJDS improved
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 09 Mar 2016 14:04:47 +0100] rev 28983
[pi-security-hqlinjection] A method of DJDS improved

The is FilterApplied method of DefaultJsonDataService has been improved.

Tue, 08 Mar 2016 08:54:09 +0100[pi-security-hqlinjection] The ProductSelectorDataSourceTest has changed
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 08 Mar 2016 08:54:09 +0100] rev 28982
[pi-security-hqlinjection] The ProductSelectorDataSourceTest has changed

The ProductSelectorDataSourceTest test was using the _where parameter which now it is not
allowed so, now a criteria has been put instead.

Mon, 07 Mar 2016 14:43:48 +0100[pi-security-hqlinjection] data.whereClause removed from ftl
Naroa Iriarte <naroa.iriarte@openbravo.com> [Mon, 07 Mar 2016 14:43:48 +0100] rev 28981
[pi-security-hqlinjection] data.whereClause removed from ftl

The "selector-as-link" ftl was invoking the getWhereClause method of the "SelectorComponent" class.
That method has been deleted because it was no longe used by the selectors. So, to fix this, every
call from the ftl have been removed.

Fri, 04 Mar 2016 11:16:51 +0100[pi-security-hqlinjection] Tests improved
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 04 Mar 2016 11:16:51 +0100] rev 28980
[pi-security-hqlinjection] Tests improved

Tests have been improved.

Thu, 03 Mar 2016 21:45:05 +0100[pi-security-hqlinjection] Comment deleted
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 03 Mar 2016 21:45:05 +0100] rev 28979
[pi-security-hqlinjection] Comment deleted

A comment has been deleted.

Thu, 03 Mar 2016 21:26:22 +0100[pi-security-hqlinjection] Preference added
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 03 Mar 2016 21:26:22 +0100] rev 28978
[pi-security-hqlinjection] Preference added

The code which handles the allow where parameter preference has been added.
Now, if it comes a _where parameter and the preference is set to Y, this where
clause will be taken into account. If a _where parameter comes but the preference
is N or it is undefined, a exception is thrown.

Thu, 03 Mar 2016 09:41:01 +0100[pi-security-hqlinjection] Merge with latest pi
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 03 Mar 2016 09:41:01 +0100] rev 28977
[pi-security-hqlinjection] Merge with latest pi

Thu, 03 Mar 2016 09:18:54 +0100[pi-security-hqlinjection] Code cleaning
Naroa Iriarte <naroa.iriarte@openbravo.com> [Thu, 03 Mar 2016 09:18:54 +0100] rev 28976
[pi-security-hqlinjection] Code cleaning

Wed, 02 Mar 2016 12:33:11 +0100[pi-security-hqlinjection] Code changes to fix Action regarding selector
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 02 Mar 2016 12:33:11 +0100] rev 28975
[pi-security-hqlinjection] Code changes to fix Action regarding selector

The SelectorDataSourceFilter class was not working properly, it was only
taking into account the whereClauses when the selector had a filter expression.
Every selector does not have a filter expression, so, it was not working in that cases.
Now this is taken into account and when the selector has no filter expression, the
hql where clause is taken.

Wed, 02 Mar 2016 12:24:09 +0100[pi-security-hqlinjection] A test has been created
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 02 Mar 2016 12:24:09 +0100] rev 28974
[pi-security-hqlinjection] A test has been created

A parameterized test has been created to test the correct behavior of
the project.

Tue, 01 Mar 2016 10:46:25 +0100[pi-security-hqlinjection] Create a new parameter
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 01 Mar 2016 10:46:25 +0100] rev 28973
[pi-security-hqlinjection] Create a new parameter

A new parameter has been created to contain the where clause.

Fri, 26 Feb 2016 09:54:08 +0100[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 26 Feb 2016 09:54:08 +0100] rev 28972
[pi-security-hqlinjection] Merge with pi

Fri, 19 Feb 2016 12:00:47 +0100[pi-security-hqlinjection] Added the new WHERE_AND_FILTER_CLAUSE
Naroa Iriarte <naroa.iriarte@openbravo.com> [Fri, 19 Feb 2016 12:00:47 +0100] rev 28971
[pi-security-hqlinjection] Added the new WHERE_AND_FILTER_CLAUSE

The new WHERE_AND_FILTER_CLAUSE parameter has been added to handle the where and filter clause.

Wed, 17 Feb 2016 18:09:30 +0100[pi-security-hqlinjection] Changed a logic added before
Naroa Iriarte <naroa.iriarte@openbravo.com> [Wed, 17 Feb 2016 18:09:30 +0100] rev 28970
[pi-security-hqlinjection] Changed a logic added before

Before, a logic in the AdvancedQueryBuilder was added to handle the behavior of
the selectors. The tested selector was the "Action Regarding Document" of the "Add Details"
popup of the "Payment In window". With this fix, the selector worked fine and showed only the
expected value. But this fix was breaking the behavior of the FK dorpdaows, for example the dropdown
of the "Produc"t selector popup of the "lines" subtab of the "Sales Order" window was broken with this fix.
So, the fix has been reverted.

Tue, 16 Feb 2016 20:00:21 +0100[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 16 Feb 2016 20:00:21 +0100] rev 28969
[pi-security-hqlinjection] Merge with pi

Tue, 16 Feb 2016 19:46:07 +0100[pi-security-hqlinjection] Improved the isTransactionalFilterApplied method
Naroa Iriarte <naroa.iriarte@openbravo.com> [Tue, 16 Feb 2016 19:46:07 +0100] rev 28968
[pi-security-hqlinjection] Improved the isTransactionalFilterApplied method


Improved the BaseDataSourceService.isTransactionalFilterApplied method.