IDEMPIERE-933 Window Customization Security Hole

2013-05-29 17:17:41 -05:00 · 2013-05-29 17:17:41 -05:00 · ef037df1b1
parent 4ec7c5e0e2
commit ef037df1b1
3 changed files with 12 additions and 12 deletions
--- a/migration/i1.0b-release/oracle/201305171202_IDEMPIERE-933.sql
+++ b/migration/i1.0b-release/oracle/201305171202_IDEMPIERE-933.sql
@ -1,7 +1,6 @@
 -- May 17, 2013 11:59:06 AM COT
 -- IDEMPIERE-933 Window Customization Security Hole
-INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
+INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encrypted field cannot be changed',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
 ',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
 ;
 -- May 17, 2013 11:59:06 AM COT
--- a/migration/i1.0b-release/postgresql/201305171202_IDEMPIERE-933.sql
+++ b/migration/i1.0b-release/postgresql/201305171202_IDEMPIERE-933.sql
@ -1,7 +1,6 @@
 -- May 17, 2013 11:59:06 AM COT
 -- IDEMPIERE-933 Window Customization Security Hole
-INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
+INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encrypted field cannot be changed',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
 ',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
 ;
 -- May 17, 2013 11:59:06 AM COT
--- a/org.adempiere.base/src/org/compiere/model/MUserDefField.java
+++ b/org.adempiere.base/src/org/compiere/model/MUserDefField.java
@ -14,8 +14,10 @@
 *****************************************************************************/
 package org.compiere.model;
-import java.sql.*;
+import java.sql.PreparedStatement;
-import java.util.*;
+import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Properties;
 import java.util.logging.Level;
 import org.compiere.util.CLogger;
@ -33,8 +35,7 @@ public class MUserDefField extends X_AD_UserDef_Field
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = 20120403114400L;
+	private static final long serialVersionUID = 2522038599257589829L;
 	/**
 	 * 	Standard constructor.
@ -125,14 +126,15 @@ public class MUserDefField extends X_AD_UserDef_Field
 	 */
 	protected boolean beforeSave (boolean newRecord)
 	{
-		if (is_ValueChanged("AD_Reference_ID")){
+		if (is_ValueChanged("AD_Reference_ID")) {
 			MField field = new MField(getCtx(), getAD_Field_ID(), get_TrxName());
-			if (field.isEncrypted()){
+			MColumn column = (MColumn) field.getAD_Column();
-				log.saveError("SaveError", Msg.getMsg(getCtx(), "NotChangeReference"));
+			if (column.isEncrypted() || field.isEncrypted() || field.getObscureType() != null) {
 				log.saveError("Error", Msg.getMsg(getCtx(), "NotChangeReference"));
 				return false;
 			}
 		}
 		return true;
 	}
-}	//	MyModelExample
+}	//	MUserDefField