midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-933 Window Customization Security Hole

This commit is contained in:
Richard Morales 2013-05-29 17:10:16 -05:00
parent 279074aab1
commit 4ec7c5e0e2
3 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
migration/i1.0b-release/oracle/201305171202_IDEMPIERE-933.sql Normal file
View File

@ -0,0 +1,13 @@
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
;
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200175 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
;
SELECT register_migration_script('201305171202_IDEMPIERE-933.sql') FROM dual
;

14
migration/i1.0b-release/postgresql/201305171202_IDEMPIERE-933.sql Normal file
View File

@ -0,0 +1,14 @@
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
;
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200175 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
;
SELECT register_migration_script('201305171202_IDEMPIERE-933.sql') FROM dual
;

18
org.adempiere.base/src/org/compiere/model/MUserDefField.java
View File

@ -20,6 +20,7 @@ import java.util.logging.Level;
import org.compiere.util.CLogger;
import org.compiere.util.DB;
import org.compiere.util.Msg;
/**
@ -116,5 +117,22 @@ public class MUserDefField extends X_AD_UserDef_Field
return retValue;
}
/**
* Before Save
* @param newRecord new
* @return true
*/
protected boolean beforeSave (boolean newRecord)
{
if (is_ValueChanged("AD_Reference_ID")){
MField field = new MField(getCtx(), getAD_Field_ID(), get_TrxName());
if (field.isEncrypted()){
log.saveError("SaveError", Msg.getMsg(getCtx(), "NotChangeReference"));
return false;
}
}
return true;
}
} // MyModelExample