IDEMPIERE-933 Window Customization Security Hole

This commit is contained in:
Carlos Ruiz 2013-05-29 17:17:41 -05:00
parent 4ec7c5e0e2
commit ef037df1b1
3 changed files with 12 additions and 12 deletions

View File

@ -1,7 +1,6 @@
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encrypted field cannot be changed',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_DATE('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
;
-- May 17, 2013 11:59:06 AM COT

View File

@ -1,7 +1,6 @@
-- May 17, 2013 11:59:06 AM COT
-- IDEMPIERE-933 Window Customization Security Hole
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encripted field cannot be changed
',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Org_ID,Created,AD_Client_ID) VALUES ('I','The reference of an encrypted field cannot be changed',200175,'D','f09382d4-62bb-48a8-abb9-d71ec5fbc5fe','NotChangeReference','Y',TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),100,100,0,TO_TIMESTAMP('2013-05-17 11:59:05','YYYY-MM-DD HH24:MI:SS'),0)
;
-- May 17, 2013 11:59:06 AM COT

View File

@ -14,8 +14,10 @@
*****************************************************************************/
package org.compiere.model;
import java.sql.*;
import java.util.*;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
import java.util.logging.Level;
import org.compiere.util.CLogger;
@ -33,8 +35,7 @@ public class MUserDefField extends X_AD_UserDef_Field
/**
*
*/
private static final long serialVersionUID = 20120403114400L;
private static final long serialVersionUID = 2522038599257589829L;
/**
* Standard constructor.
@ -125,14 +126,15 @@ public class MUserDefField extends X_AD_UserDef_Field
*/
protected boolean beforeSave (boolean newRecord)
{
if (is_ValueChanged("AD_Reference_ID")){
if (is_ValueChanged("AD_Reference_ID")) {
MField field = new MField(getCtx(), getAD_Field_ID(), get_TrxName());
if (field.isEncrypted()){
log.saveError("SaveError", Msg.getMsg(getCtx(), "NotChangeReference"));
MColumn column = (MColumn) field.getAD_Column();
if (column.isEncrypted() || field.isEncrypted() || field.getObscureType() != null) {
log.saveError("Error", Msg.getMsg(getCtx(), "NotChangeReference"));
return false;
}
}
return true;
}
} // MyModelExample
} // MUserDefField