entando / entando-core

The entando-core is the repository of the Entando App Engine for Entando 5.X and is the heart of the Entando Platform by providing the primary out-of-the-box services for developing applications.

Home Page: https://dev.entando.org

License: GNU Lesser General Public License v3.0

Java 89.79% JavaScript 3.37% HTML 0.04% CSS 5.42% FreeMarker 0.14% PLSQL 1.14% TSQL 0.10%
entando-platform java hacktoberfest

entando-core's People

Contributors

ahew, alepintus, aleroot, ampie, brenoqvds, dminnai, eliamezzano, eugeniosant, fedelocci, ffleandro, firegloves, gidesan, ichalagashvili, jeffgo10, joewhite101, kerruba, mcasari, nicpuddu, nkjoep, otarza, paddeo, paulhinz, pietrangelo, rzsouza, saberc, sergiofilhowz, stefanopuddu, testpersonal, werbth, zonia3000

entando-core's Issues

Fresh installation

I have a problem with installation and I tried to connect with Entando company, but no one is answering and I don't know why.
I'm trying to install a fresh piece but there is no widget and plugin in it. I have connected the console to a fresh database, updated Entando version 5.1.0 core, component and archetype into Maven and then run it locally, but it's a completely blank console.
Need help...

Unable to compile&start

Following the Getting Started tutorial I was not able to compile & run with
mvn clean jetty:run
I studied the logs & found the issue: it was related to some libraries missing from Java and OpenJDK since version 9 of Java; my environment was
openjdk version "13.0.1" 2019-10-15
OpenJDK Runtime Environment (build 13.0.1+9-Ubuntu-218.04)
OpenJDK 64-Bit Server VM (build 13.0.1+9-Ubuntu-218.04, mixed mode)
I added these dependencies in my pom.xml

    <dependency>
        <groupId>org.glassfish.jaxb</groupId>
        <artifactId>jaxb-runtime</artifactId>
        <version>2.3.2</version>
    </dependency>
    <dependency>
        <groupId>javax.xml.bind</groupId>
        <artifactId>jaxb-api</artifactId>
        <version>2.3.0</version>
    </dependency>
    <dependency>
        <groupId>javax.xml.ws</groupId>
        <artifactId>jaxws-api</artifactId>
        <version>2.2</version>
    </dependency>

And I started the project successfully. Perhaps you would perform some compatibility tests with many JVMs.
Regards, mKm

UnmarshalException unmarshalling xml with utf-8

In ActivityStreamInfoDOM, the method to unmarshal the ActivityStreamInfo throws an UnmarshalException if UTF-8 characters exist (in the title of the edited page, for example).

ByteArrayInputStream is = new ByteArrayInputStream(xml.getBytes());

It would be better to use UTF-8 when you create the byte array, so
ByteArrayInputStream is = new ByteArrayInputStream(xml.getBytes("UTF-8"));

Maybe other getBytes calls exist, e.g. SolrConfigDOM

Error on Jetty startup

version: latest from git.
os: debian 8.8 64bit
Java version: 1.8.0_131, vendor: Oracle Corporation
Apache Maven 3.3.9
Apache Ant(TM) version 1.9.9 compiled on March 1 2017

installation performed as per the wikis:
https://github.com/entando/entando-core/wiki/Download-the-latest-source-code
https://github.com/entando/entando-core/wiki/Getting-Started

when accessing the link localhost:8080 there is a redirect to localhost:8080/cportal and it returns:
HTTP ERROR: 503
Problem accessing /cportal. Reason:
Service Unavailable
Powered by Jetty://

on portal startup via the command mvn clean jetty:run, the following warning is returned:
Failed startup of context o.m.j.p.JettyWebAppContext{/cportal,[file:/opt/entando/entando-core/cportal/src/main/webapp/, file:/opt/entando/entando-core/cportal/target/tmp/entando-misc-less-4_2_0-TP1_war/, file:/opt/entando/entando-core/cportal/target/tmp/entando-misc-bootstrap-4_2_0-TP1_war/, file:/opt/entando/entando-core/cportal/target/tmp/entando-page-bootstrap-hero-4_2_0-TP1_war/, file:/opt/entando/entando-core/cportal/target/tmp/entando-admin-console-4_2_0-TP1_war/, file:/opt/entando/entando-core/cportal/target/tmp/entando-portal-ui-4_2_0-TP1_war/]},file:/opt/entando/entando-core/cportal/src/main/webapp/ java.lang.IllegalStateException: Duplicate fragment name: spring_web for jar:file:/root/.m2/repository/org/springframework/spring-web/4.0.6.RELEASE/spring-web-4.0.6.RELEASE.jar!/META-INF/web-fragment.xml and jar:file:/opt/entando/entando-core/cportal/target/tmp/entando-admin-console-4_2_0-TP1_war/WEB-INF/lib/spring-web-4.0.6.RELEASE.jar!/META-INF/web-fragment.xml

Duplicate page/widget references

If you try to delete a page model that is in use, the warning with the list of referenced pages contains the same pages twice.
The same happens in other similar screens, such as the Detail of a page model.

It also happens on the info page of a Widget, where the pages that contain it are duplicated.

Entando tag 4.3.1

Guifragments: error in Default Gui Code renderization and form submit

In UX Pattern > Fragments > Edit fragment, the default gui code template is not properly escaped.
Furthermore, the user cannot update the gui template, because the form submit button does not work: viewing the DOM you can notice that the submit button is external to the <form> tag.

Entando community v.4.2.0 error startup with Oracle 11g

#41

In my 'filter' file i have configured these parameters:

profile.database.hostname=xx.xx.xx.xx
profile.database.port=1521
profile.database.username=username
profile.database.password=password

profile.database.driverClassName=oracle.jdbc.driver.OracleDriver
profile.database.url.portdb=jdbc:oracle:thin:@${profile.database.hostname}:${profile.database.port}:${profile.application.name}PortDev
profile.database.url.servdb=jdbc:oracle:thin:@${profile.database.hostname}:${profile.database.port}:${profile.application.name}ServDev

We received the following error during the 'InitializerManager' bean creation, in the cms startup (the bean is defined in class path resource spring/baseSystemConfig.xml):

Grave: Exception sending context initialized event to listener instance of class org.entando.entando.aps.servlet.StartupListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'InitializerManager' defined in class path resource [spring/baseSystemConfig.xml]: Invocation of init method failed; nested exception is java.lang.Exception: Error while initializating Db Installer
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1566)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:755)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
    at org.entando.entando.aps.servlet.StartupListener.contextInitialized(StartupListener.java:30)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1574)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1564)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.Exception: Error while initializating Db Installer
    at org.entando.entando.aps.system.init.InitializerManager.init(InitializerManager.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1694)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1562)
    ... 22 more
Caused by: java.lang.Exception: Error while initializating Db Installer
    at org.entando.entando.aps.system.init.DatabaseManager.installDatabase(DatabaseManager.java:108)
    at org.entando.entando.aps.system.init.InitializerManager.init(InitializerManager.java:45)
    ... 29 more
Caused by: com.agiletec.aps.system.exception.ApsSystemException: Error initializating master DefaultResource
    at org.entando.entando.aps.system.init.DatabaseManager.initMasterDefaultResource(DatabaseManager.java:318)
    at org.entando.entando.aps.system.init.DatabaseManager.installDatabase(DatabaseManager.java:89)
    ... 30 more
Caused by: com.agiletec.aps.system.exception.ApsSystemException: Error executing script into db portDataSource
    at org.entando.entando.aps.system.init.util.TableDataUtils.valueDatabase(TableDataUtils.java:67)
    at org.entando.entando.aps.system.init.DatabaseManager.initMasterDefaultResource(DatabaseManager.java:301)
    ... 31 more
Caused by: com.agiletec.aps.system.exception.ApsSystemException: Error executing script - QUERY:
INSERT INTO guifragment (code, widgettypecode, plugincode, gui, defaultgui, locked) VALUES ('userprofile_is_IteratorAttribute', NULL, NULL, NULL, '<#assign c=JspTaglibs["http://java.sun.com/jsp/jstl/core"]>
<#assign s=JspTaglibs["/struts-tags"]>
<#assign wp=JspTaglibs["/aps-core"]>
<#assign wpsa=JspTaglibs["/apsadmin-core"]>
<#assign wpsf=JspTaglibs["/apsadmin-form"]>
<#assign i18n_attribute_name ><@s.property value="#i18n_attribute_name" /></#assign>
<@s.if test="#attribute.type == ''Boolean''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />  
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-BooleanAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.if>
<@s.elseif test="#attribute.type == ''CheckBox''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-CheckboxAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>    
<@s.elseif test="#attribute.type == ''Composite''">
    <div class="well well-small">
        <fieldset class=" <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
            <legend class="margin-medium-top">
                <@wp.i18n key="${i18n_attribute_name}" />
                <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />
            </legend>
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
            <@wp.fragment code="userprofile_is_front-CompositeAttribute" escapeXml=false />
        </fieldset>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Date''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-DateAttribute" escapeXml=false /> 
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Enumerator''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-EnumeratorAttribute" escapeXml=false /> 
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''EnumeratorMap''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-EnumeratorMapAttribute" escapeXml=false /> 
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Hypertext''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-HypertextAttribute" escapeXml=false /> 
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''List''">
    <div class="well well-small">
        <fieldset class=" <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
            <legend class="margin-medium-top">
                <@wp.i18n key="${i18n_attribute_name}" />
                    <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />          
            </legend>
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
            <@wp.fragment code="userprofile_is_front-MonolistAttribute" escapeXml=false /> 
        </fieldset>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Longtext''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-LongtextAttribute" escapeXml=false />          
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Monolist''">
    <div class="well well-small">
        <fieldset class=" <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
            <legend class="margin-medium-top"><@wp.i18n key="${i18n_attribute_name}" />
                <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />
            </legend>
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
            <@wp.fragment code="userprofile_is_front-MonolistAttribute" escapeXml=false />      
        </fieldset>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Monotext''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-MonotextAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Number''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false />          
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-NumberAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''Text''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-MonotextAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.elseif test="#attribute.type == ''ThreeState''">
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="#attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-ThreeStateAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.elseif>
<@s.else> <#-- for all other types, insert a simple label and a input[type="text"] -->
    <div class="control-group <@s.property value="%{'' attribute-type-''+#attribute.type+'' ''}" />">
        <label class="control-label" for="<@s.property value="attribute_id" />">
            <@wp.i18n key="${i18n_attribute_name}" />
            <@wp.fragment code="userprofile_is_front_AttributeInfo" escapeXml=false /> 
        </label>
        <div class="controls">
            <@wp.fragment code="userprofile_is_front-MonotextAttribute" escapeXml=false />
            <@wp.fragment code="userprofile_is_front_attributeInfo-help-block" escapeXml=false />
        </div>
    </div>
</@s.else>', 1)
    at org.entando.entando.aps.system.init.util.TableDataUtils.executeQueries(TableDataUtils.java:97)
    at org.entando.entando.aps.system.init.util.TableDataUtils.valueDatabase(TableDataUtils.java:58)
    ... 32 more
Caused by: java.sql.SQLSyntaxErrorException: ORA-01704: valore di stringa troppo lungo

    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:879)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
    at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:207)
    at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1044)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1329)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3584)
    at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3665)
    at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1352)
    at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:105)
    at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:105)
    at org.entando.entando.aps.system.init.util.TableDataUtils.executeQueries(TableDataUtils.java:82)
    ... 33 more

Please can you help us to solve the problem? Thanks in advance for your help.

Thanks

Creating a reserved page

After creating a page with a "non-free" Owner Group, if you try to create a subpage of it, the Owner Group field is shown disabled in the page creation form (ok), but on save the group value is not carried over (it is not in the POST as a hidden field).
The same problem occurs if you add a view-only group: when the page reloads, the owner group is lost and it cannot be restored because the select is disabled.

Entando tag 4.3.1

Move attribute inverted

In the administration area at the path "APPS > CMS > Content types > Edit", in the attributes table, if you try to use the "Move down" and "Move up" actions, the "Move down" action moves the attribute up and, vice versa, the "Move up" action moves the attribute down, so the two operations are inverted.

Popover menu very slow

The slowness problem when opening trees with the related popover menu displayed occurs when you have a large tree, such as more than 400 pages. Opening the branch and displaying the menu can take even a few seconds.
After changing the tree menu display mode to "open on request", when editing a content where you want to insert a link to a page, the nodes do not open and you are redirected to a blank page.

TimestampAttribute validation

The validate method contains an error, because an empty field is validated as an invalid date format even if the attribute is not required

if (null == this.getDate() || (...
should be
if (null == this.getDate() && (...

or better: check first for an invalid Date, so null == this.getDate() && null != this.getFailedDateString(), and afterwards for invalid hour/minutes/seconds fields

Creating Contact form with attachment

Hi, I am trying to create a contact form with attachment for website visitors to send us email with a pdf file on the platform, but there is an issue with the php code for mailing.
Do you have any idea how I can set up a contact form with attachment, or is there any sample to use?
I would appreciate it if anyone can help me.
I have tried web dynamic form but there is no attachment attribute to use

Current User Profile session trouble

In widget "Edit Current User Profile" if you enter a wrong input value in the form (like the email, that does not comply with regular expression), the submit of the form will return you the error.

However, if you reload the page (or you go to Administration-Area/My Profile) you still see the wrong input just entered.
The database instead, obviously, still stores the non-updated values.

So if you log-out, and sign-in again, when you access the same page you will see right values.

Action Class:
org\entando\entando\apsadmin\common\currentuser\CurrentUserProfileAction.java

JSON Unmarshal

Trying to invoke in POST a custom API, passing a JSON in the request body, I have the following error in the log:

javax.ws.rs.BadRequestException: java.lang.IllegalArgumentException: prefix ns3 is not bound to a namespace
    at org.apache.cxf.jaxrs.provider.json.JSONProvider.readFrom(JSONProvider.java)
    at org.entando.entando.aps.system.services.api.UnmarshalUtils.unmarshal(UnmarshalUtils.java)

the JSON is generated by Entando from an extension of the class
com.agiletec.aps.system.common.entity.model.JAXBEntity
and contains:

{
    "name": "AttrName",
    "description": "Attribute Name",
    "type": "Boolean",
    "value": {
        "@xsi.type": "ns3:string",
        "$": "true"
    }
}

Issue replicating the Mortgage demo

Just installed Entando 5.0
I am trying to replicate the mortgage application given in the documentation. Under section 3.1.2 I am not able to find the specified widgets in the app builder console.
Is there something I am missing? Also how to get all the widgets that Entando provides internally?

struts2 library upgrade

Currently Entando uses struts v.2.3.16.3 that is affected by several vulnerabilities (see here).

Is an upgrade of the library planned in the next releases of Entando?

Thanks!

New Content : after saving only the description, it's impossible to change the group

On a new content, saving the description also saves the selected group as owner, but the form displays the list of groups as editable.
After choosing and setting a group, it's impossible to change it.

For example:

  • Enter on a new content editing
  • choose a group (ex: group A)
  • compile and save the description
  • the group choice is still enabled
  • choose a different group (ex: group B) and save it

The expected result is a content with the group B, but the group is A.
The problem is that the form is misleading.

A simple correction is to switch the order of main group and description.
Alternatively, to be able to change the main group even after the rescue of the description.

Image upload problem on windows

Loading an image on the backoffice can sometimes result in an error. The image reference will be created successfully but the image itself won't be stored in resources/cms/images. This problem depends on the ImageMagick settings in systemParam.properties. It is possible to solve this problem simply by switching imagemagick.enabled=false to true or vice versa and restarting the portal.

Security issue (phishing)

Hi all,
after the login process on the front-end form, the Authenticator class redirects the user to the returnUrl parameter without checking its value (see here).

An attacker can share a URL like this:
http://www.mywebsite.it/mysite/en/login.page?returnUrl=http%3A%2F%2Fwww.maliciouswebsite.com&redirectflag=1

How can I fix this?
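
One way to validate the returnUrl parameter described in the post above, as an added example that is not entando-core code and not from the original thread. The class name `ReturnUrlValidator`, the allowed-host set and the fallback path are assumptions made for illustration; the sample URLs in `main` are constructed from the hosts used in the post.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not part of entando-core): accepts a post-login redirect target only if it stays on-site. */
public final class ReturnUrlValidator {

    private final Set<String> allowedHosts; // lower-case host names the site is served from
    private final String fallback;          // where to send the user when the target is rejected

    public ReturnUrlValidator(Set<String> allowedHosts, String fallback) {
        this.allowedHosts = allowedHosts;
        this.fallback = fallback;
    }

    /** Returns the URL-decoded returnUrl when it is safe, otherwise the fallback. */
    public String resolve(String returnUrl) {
        return isSafe(returnUrl) ? returnUrl : fallback;
    }

    boolean isSafe(String url) {
        if (url == null || url.isEmpty() || url.length() > 2048) {
            return false;
        }
        // Browsers treat "\" like "/" and silently drop tab/CR/LF, so any of
        // these can turn a path that looks local into another origin.
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            if (c <= 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false;
        }
        if (!uri.isAbsolute()) {
            // Relative target: only a single-slash local path is accepted;
            // "//host/..." is protocol-relative and leaves the site.
            return url.startsWith("/") && !url.startsWith("//");
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return false; // javascript:, data:, and other schemes
        }
        if (uri.getRawUserInfo() != null) {
            return false; // http://www.mywebsite.it@other-host/ style confusion
        }
        String host = uri.getHost(); // null when the authority cannot be parsed as a host
        return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed configuration: the host comes from the post, the fallback path is assumed.
        ReturnUrlValidator validator = new ReturnUrlValidator(
                new HashSet<>(Arrays.asList("www.mywebsite.it")),
                "/mysite/en/homepage.page");

        // Constructed sample values, as they look after URL-decoding the parameter.
        String[] samples = {
            "/mysite/en/profile.page",
            "http://www.mywebsite.it/mysite/en/profile.page",
            "http://www.maliciouswebsite.com",
            "//www.maliciouswebsite.com/mysite",
            "/\\www.maliciouswebsite.com",
            "http://www.mywebsite.it@www.maliciouswebsite.com/",
            "javascript:alert(1)"
        };
        for (String sample : samples) {
            System.out.println(sample + " -> " + validator.resolve(sample));
        }
    }
}
```

The check compares the parsed host against an exact allow-list rather than testing whether the string starts with or contains the site name, since prefix and substring tests accept hosts such as `www.mywebsite.it.example`.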

GUI FRAGMENTS EDITING PROBLEM ON BACKOFFICE

When trying to cut&paste fragments from the DEFAULT GUI CODE to the GUI CODE tab on the backoffice, the selected content will be wrongly formatted. The user NEEDS to remove all blank spaces manually, otherwise the fragment won't be loaded properly.

User profile

After installing the user profile plugin it is not possible to create a different kind of profile from the backoffice.

Bug editing protected pages

Page Tree section. A new page is created from scratch with the "ADD" button at the top right of the pages table. This page has an Owner Group other than "Free Access". Once the new page created above appears in the page Tree, we decide to make a subpage by clicking "Add" from the context menu of the page we created. We see that this choice pre-fills the Owner Group, which is inherited from the page; we can only choose the Join Group. As soon as we set one, the Owner Group is lost, going back to "Choose an option". Trying to save the page, an error message then appears saying that the Owner Group is required, but the field is disabled and has lost the value it had

Gravatar feature problem

Even without using the Entando Avatar Plugin, it seems the avatar feature is integrated in the core, without the possibility to disable it from the Entando admin UI.

In my opinion there is a defect in the UserAvatarAction class because there is no catch on the new URL step: when you set up your IDE without an internet connection, that class throws an UnknownHostException. This often happens when you are behind a proxy.

Adding a catch (UnknownHostException.. could be a useful tip.

Creating a new Page Model

Hey guys,

I am not sure whether this post should be posted here, but I have been trying for 2 hours to understand how to add a Page Model to the select in Page Designer > Pages Tree > aPage > Configure without success.

I can't even find any significant information about this feature, not even in the docs.

Should I add some specific tag in the jsp file?

Thanks

Repository issue

I hope someone answers my question.
I had loaded the repositories of Entando-core, components and archetype from GitHub and successfully ran the Entando platform for the first time.
The issue is that the next day the repository gets updated automatically from the internet and error 503 appears. In Windows I have to remove the complete .m2 folder and run all three again.
In the Ubuntu test I have to completely remove the OS and install it again.
I have a project to execute and the problem appears.
Kindly, could someone from the Entando company reply once.
Thanks.

GUI fragment

I have used a portal example with myportal plugin.
I received this error in front end.

The fragment 'jacms_content_viewer' of widget 'content_viewer' is not available

Thank you
Marco

entando1

No characters escape in Database backup

In backup queries, some characters are not properly escaped.
For example, I have in a record the following value:
abc\.def
In the INSERT query I found the same text:
abc\.def
But, in postgres, after the restore, I found:
abc.def
with loss of information.

The main problem is that the escape is related to the DBMS.

Automatically Logout user issue

Hi all,
I have installed a fresh Entando version 5.0.2 on an Ubuntu server. The platform works fine, but the issue is that when I want to add data, such as creating a widget or CMS content, a module, etc., the platform automatically logs me out and shows the login page.

jAPS 2.0 dynamic content

Can I create a content with a dynamic string inside it using a parameter built in the action class? I have tried inserting a struts tag in the hypertext type content, but the browser does not seem to read it as it should. Am I trying to do something possible? I can't find any help on the web!
thanks and regards
sara

User Widget does not dynamically update configuration

There is a problem changing the configuration of a User Widget.
After the change, the pages using the widget maintain the old configuration.
To obtain the desired modification, you should reload the configuration.

WidgetType edit stuck on save

Steps to reproduce

  • open the admin console
  • select UX Pattern > Widget
  • select a widget
  • edit the HTML
  • click the save button

Issue

After clicking the save button, the page loads forever.
Opening the development console and listening to the network requests shows the single save.action waiting and a new update.action every 1-2 minutes.
Tomcat logs don't print any error.
Refreshing the page shows that the changes are not saved.

Environment

I have downloaded the Entando v5.0.2 artifact into an empty project, built it with Ant and deployed it inside Tomcat 9 on Ubuntu 18.04.1 LTS.


Do you have any idea of how to solve this issue?
Thank you in advance for the help.

Demo project does not compile

Hello,
I have followed the quick start guide and created a project using:

mvn archetype:generate -Dfilter=entando-archetype-portal-bootstrap

I have tried to launch with mvn clean jetty:run but I get:

Execution generate-liverebel-xml of goal org.zeroturnaround:jrebel-maven-plugin:1.1.3:generate-liverebel-xml failed: A required class was missing while executing org.zeroturnaround:jrebel-maven-plugin:1.1.3:generate-liverebel-xml: org/apache/commons/io/FileUtils
[ERROR] -----------------------------------------------------
[ERROR] realm = plugin>org.zeroturnaround:jrebel-maven-plugin:1.1.3
[ERROR] strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy
[ERROR] urls[0] = file:/home/mgiammarco/.m2/repository/org/zeroturnaround/jrebel-maven-plugin/1.1.3/jrebel-maven-plugin-1.1.3.jar
[ERROR] urls[1] = file:/home/mgiammarco/.m2/repository/junit/junit/3.8.1/junit-3.8.1.jar
[ERROR] urls[2] = file:/home/mgiammarco/.m2/repository/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.jar
[ERROR] urls[3] = file:/home/mgiammarco/.m2/repository/commons-io/commons-io/1.4/commons-io-1.4.jar
[ERROR] urls[4] = file:/home/mgiammarco/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar
[ERROR] Number of foreign imports: 1
[ERROR] import: Entry[import from realm ClassRealm[maven.api, parent: null]]
[ERROR]

Wrong Database encoding on Windows

When Entando populates its own database, the encoding used is wrong.
It uses another encoding instead of UTF-8.
The above problem occurs only on Windows.

content link ckeditor

If the page tree is set to "on demand", the function for inserting a link into the text of a content item via CKEditor does not show the page tree in the "Link to Page" ("Collegamento a Pagina") tab. Conversely, if the tree is set to "classic", it works.

Entando tag 4.3.1

Problem marshalling in JSON a "one element" array or collection

When invoking an API that returns JSON, elements of type array or collection are not converted correctly.

For example, if I have only one "category", the corresponding JSON is like:
"categories": {
    "category": "category_1"
}
If I have more than one element, I obtain:
"categories": {
    "category": [
        "category_1",
        "category_2"
    ]
}

On the client side, the tools convert the "category" JSON into a JsonObject instead of the correct JsonArray.
This problem also affects the Monolist attributes and arrays/collections in general.

Problem with simultaneous permission and group check in the wp:ifauthorized tag

We found a malfunction in the combined check of a user's group and permission.
The authorization check fails because the isAuthOnGroupAndRole method implemented in AuthorizationManager has a series of conditions, but none of them allows execution to reach the point where the user's roles are checked. As a result, since it always returns false, a user can never be authorized.

Page visible in menus - "No"

If the page tree is set to "on demand" in page settings, the "Displayed in menu" column in the pages table always shows No, regardless of whether the page is displayed or not.

However, the flag itself works correctly, for example in a menu: the visible pages are displayed correctly.

Error getting template data.

Hi everyone.
Using Entando 5.0.0 I'm following the tutorial on the Entando documentation portal, and in particular the chapter about the app-builder named "GETTING STARTED WITH ENTANDO APP BUILDER". I was trying to create a new page model using the json and the xml from the tutorial but I receive the error in the issue title. The error message in the view is:

There are some errors in the form
error.pageModel.invalidConfiguration

Moreover, in the XML text area there are several errors displayed, like:

  • element parse error: Error: invalid tagName:#assign
  • element parse error: Error: invalid tagName:@wp.currentPage
  • element parse error: Error: invalid tagName:@wp.i18n
    and so on.

Finally in the console the error stacktrace is the following:
2019-02-27 15:58:00.338 - ERROR - com.agiletec.aps.system.services.pagemodel.PageModelDOM - Error parsing the page model XML: <#assign wp=JspTaglibs["/aps-core"]/>
<#assign c=JspTaglibs["http://java.sun.com/jsp/jstl/core"]/>

<title> <@wp.currentPage param="title" /> - <@wp.i18n key="PORTAL_TITLE" /> </title> favicon.png" type="image/png" /> <@c.import url="/WEB-INF/aps/jsp/models/inc/content_inline_editing.jsp" /> <@c.import url="/WEB-INF/aps/jsp/models/inc/header-inclusions_light.jsp" />
          <style>
          .editableform .control-group {
           margin-bottom: 0;
            white-space: nowrap;
           line-height: 28px;
           }
          </style>
</head>
 <body class="purple" data-spy="scroll" data-target="#navbar-menu">
    <!-- Navbar -->
    <div class="navbar navbar-custom navbar-fixed-top sticky" role="navigation" id="sticky-nav">
        <div class="container">
            <!-- Navbar-header -->
            <div class="navbar-header">
                <!-- Responsive menu button -->
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                <!-- LOGO -->
                <a class="navbar-brand logo" href="#">
                    <img alt="acme-logo"  class="logo-img" src="<@wp.imgURL />Logo_Acme_Bank.png">
                </a>
            </div>
            <!-- end navbar-header -->
            <!-- menu -->
            <div class="navbar-collapse collapse" id="navbar-menu">
                <!--Navbar left-->
                <ul class="nav navbar-nav nav-custom-left">
                    <!--frame 0 1-->
                    <@wp.show frame=0 />
                    <@wp.show frame=1 />
                </ul>
                <!-- Navbar right -->
                <ul class="nav navbar-nav navbar-right">
                    <!--frame 2 3-->
                    <@wp.show frame=2 />
                    <@wp.show frame=3 />
                </ul>
            </div>
            <!--/Menu -->
        </div>
        <!-- end container -->
    </div>
    <!-- End navbar-custom -->

    <!-- HOME -->
    <section>
           <!--frame 4-->
             <@wp.show frame=4 />
           <!--frame 4-->
    </section>
    <!-- END HOME -->

    <!-- Features Alt -->
    <section class="section" id="mortgage">
        <div class="container">
            <div class="row">
                <div class="col-sm-12">
                    <!--frame 5-->
                    <@wp.show frame=5 />
                    <!--frame 5-->
                </div>
            </div>
        </div>
    </section>

    <section class="section">
        <div class="container">
            <div class="col-sm-4">
                    <!--frame 6-->
                    <@wp.show frame=6 />
                    <!--frame 5-->
                </div>
                <div class="col-sm-4">
                    <!--frame 7 frame bpm -->
                    <@wp.show frame=7 />
                    <!--frame 7-->
                </div>
                 <div class="col-sm-4">
                    <!--frame 8 frame bpm -->
                    <@wp.show frame=8 />
                    <!--frame 8-->
                </div>
        </div>
    </section>

    <section>
        <!--frame 9-->
        <@wp.show frame=9 />
        <!--frame 9-->
    </section>
    <section class="">
            <!--frame 10-->
            <@wp.show frame=10 />
            <!--frame 10-->
    </section>

    <section class="">
        <div class="container">
            <div class="col-md-12">
                <div class="text-center">
                    <!--frame 11-->
                    <@wp.show frame=11 />
                </div>
                <!--frame 11-->
            </div>
        </div>
    </section>

    <!-- FOOTER -->
    <footer class=" ">
        <div class="container text-center">
            <div class="row">
                <div class="col-md-12">
                    <!--frame 12-->
                    <@wp.show frame=12 />
                    <!--frame 12-->
                </div>
            </div> <!-- end row -->

            <div class="row">
                <div class="col-sm-6">
                    <!--frame 13-->
                    <@wp.show frame=13 />
                    <!--frame 13-->
                </div>
                <div class="col-sm-6">
                    <!--frame 14-->
                    <@wp.show frame=14 />
                    <!--frame 14-->
                </div>
            </div>
        </div>
    </footer>
    <!-- END FOOTER -->

    <script src="<@wp.resourceURL />static/js/jquery.ajaxchimp.js"></script>
    <script src="<@wp.resourceURL />static/js/jquery.sticky.js"></script>
    <script src="<@wp.resourceURL />static/js/jquery.app.js"></script>
</body>
org.jdom.input.JDOMParseException: Error on line 1: The markup in the document preceding the root element must be well-formed.
    at org.jdom.input.SAXBuilder.build(SAXBuilder.java:533)
    at org.jdom.input.SAXBuilder.build(SAXBuilder.java:946)
    at com.agiletec.aps.system.services.pagemodel.PageModelDOM.decodeDOM(PageModelDOM.java:114)
    at com.agiletec.aps.system.services.pagemodel.PageModelDOM.<init>(PageModelDOM.java:54)
    at org.entando.entando.apsadmin.portal.model.PageModelAction.checkModelConfiguration(PageModelAction.java:115)
    at org.entando.entando.apsadmin.portal.model.PageModelAction.validate(PageModelAction.java:87)
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 2; The markup in the document preceding the root element must be well-formed.

Insufficient input sanitization leads to XSS

The Java class in ./portal-ui/src/main/java/org/entando/entando/aps/servlet/XSSRequestWrapper.java does not properly validate and sanitize user supplied data.
As a suggestion you could use the full ESAPI lib (already imported in code) instead of applying a blacklist type filter on lines 68-70.

A full disclosure of the vulnerability will be sent to you, if you wish, through a private channel.
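
The contrast this report draws between a blacklist-type filter and encoder-based handling, as an added example that is not part of the original issue and is not Entando's code. The deny-list patterns and sample inputs below are constructed for illustration (they are not the contents of XSSRequestWrapper.java), and `encodeForHtml` is a minimal stand-in for the role that ESAPI's `ESAPI.encoder().encodeForHTML(...)` plays.

```java
import java.util.regex.Pattern;

public class DenyListVsEncoding {

    // Constructed deny-list for illustration only; NOT the patterns used by
    // Entando's XSSRequestWrapper. It removes what it recognises and passes
    // everything else through untouched.
    private static final Pattern[] DENY_LIST = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL),
        Pattern.compile("</?script[^>]*>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
    };

    /** Input-time filtering: strip substrings that match a known-bad pattern. */
    static String denyListFilter(String value) {
        if (value == null) {
            return null;
        }
        String out = value;
        for (Pattern p : DENY_LIST) {
            out = p.matcher(out).replaceAll("");
        }
        return out;
    }

    /**
     * Output-time encoding for HTML element content and quoted attribute
     * values: every character that can change the parser's state is replaced
     * by an entity, so no pattern list has to anticipate the input.
     */
    static String encodeForHtml(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** True if the string still holds characters the HTML parser treats as markup. */
    static boolean hasMarkupChars(String s) {
        return s.indexOf('<') >= 0 || s.indexOf('>') >= 0
                || s.indexOf('"') >= 0 || s.indexOf('\'') >= 0;
    }

    public static void main(String[] args) {
        // Constructed, harmless sample values for a request parameter.
        String[] samples = {
            "Mario Rossi",
            "<script>var x = 1;</script>",                  // matched by the deny-list
            "\"><em>unexpected markup</em>",                // no pattern for this
            "<a href=\"https://example.invalid/\">link</a>", // no pattern for this
            "Tom & Jerry <3",                               // legitimate text with special characters
        };
        for (String input : samples) {
            String filtered = denyListFilter(input);
            String encoded = encodeForHtml(input);
            System.out.printf("input    : %s%n", input);
            // The deny-list either deletes user data or leaves markup intact.
            System.out.printf("deny-list: %s (markup chars remain: %b)%n",
                    filtered, hasMarkupChars(filtered));
            // The encoder keeps the data and leaves nothing the parser reads as markup.
            System.out.printf("encoded  : %s (markup chars remain: %b)%n%n",
                    encoded, hasMarkupChars(encoded));
        }
    }
}
```

Encoding belongs at output time and has to match the context the value is written into; this sketch covers HTML element content and quoted attribute values only.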
