The default runtime directory for Moqui Framework
License: Other
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
A JavaScript error is thrown when I attempt to delete a resource using the ElFinder. To reproduce, try to upload a ExampleContent file and then try to delete the dbresource using ElFinder. I tried this on Firefox v45.
TypeError: e.isRejected is not a function
Here is my steps:
But I cannot start up jackrabbit, may I know how to setup it ? thanks
Vulnerable Library - swagger-uiv2.1.4
Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Library home page: https://github.com/swagger-api/swagger-ui.git
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Swagger-UI versions before 2.2.1 are vulnerable to XSS when allowing HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.
Publish Date: 2015-01-28
URL: WS-2019-0234
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2015-01-28
Fix Resolution: 2.2.1
Step up your Open Source Security Game with WhiteSource here
In html mode, subscreens can use different theme, in vuejs mode it still use default STT_INTERNAL.
I noticed a change in behavior based on change in DefaultScreenMacros.html.ftl some time ago. Originally, the form-list macro rendered individual elements inside Table class. Then, after changing the macro (<#-- all form elements outside table element and referred to with input/etc.@Form attribute for proper HTML --> 50b9fbd), the search feature stopped working (I am using Chrome on Windows 10).
Here are the screenshots to showcase the change in the HTML code being generated before and after:
This is how it looked before the change:
This is after the change:
There is a workaround to it. Just set header-dialog to true, then it starts working.
Searching an entity with search-form-inputs fails when:
If you change the form-list@header-dialog to true, select only one option or use the same screen through the /apps rather than /vapps URL it finds the results, but when all four conditions above are met, no results are shown.
When printing the parameter with the respective field name immediately after the entity-find, the difference is that when it is working it has a list form (e.g. "[option1, option2]") and when it is not working it does not print the starting nor ending brackets (e.g. "option1, option2").
Thanks,
Ashok
Transition menuData in webroot.xml does not work when application runs in dynamic mode. The request that is made to fetch items of the menu is forwarded to an incorrect URL.
Application is running on URL [server]/[application], but the URL (of menuData transition) is constructed as [server]/menuData/[application]/apps. There are multiple instances of jetty running on the server, with httpd running as reverse proxy.
And the result is:
I found form.background-reload-id does not work in vapps. I have checked code I think it is cuased by incorret formSingleType "form" is assigned in DefaultScreenMacros.vuet.ftl line 380. "m-from" is expected here
This error occurs after logging out. Application works normally and user is logged out as expected, the error is logged.
2016-12-31 00:40:59.330:WARN:oejs.session:qtp787604730-44:
java.lang.IllegalStateException: Invalid for read: id=node025ehkn4dbkzmq3loqdkq4e40 not resident
at org.eclipse.jetty.server.session.Session.checkValidForRead(Session.java:629)
at org.eclipse.jetty.server.session.Session.getAttribute(Session.java:649)
at org.moqui.impl.webapp.MoquiSessionListener.sessionDestroyed(MoquiSessionListener.groovy:56)
at org.eclipse.jetty.server.session.SessionHandler.removeSession(SessionHandler.java:1056)
at org.eclipse.jetty.server.session.SessionHandler.invalidate(SessionHandler.java:1230)
at org.eclipse.jetty.server.session.DefaultSessionIdManager.invalidateAll(DefaultSessionIdManager.java:474)
at org.eclipse.jetty.server.session.Session.invalidate(Session.java:862)
at org.apache.shiro.web.session.HttpServletSession.stop(HttpServletSession.java:113)
at org.apache.shiro.session.ProxiedSession.stop(ProxiedSession.java:107)
at org.apache.shiro.subject.support.DelegatingSubject$StoppingAwareProxiedSession.stop(DelegatingSubject.java:419)
at org.apache.shiro.mgt.DefaultSecurityManager.stopSession(DefaultSecurityManager.java:581)
at org.apache.shiro.mgt.DefaultSecurityManager.logout(DefaultSecurityManager.java:567)
at org.apache.shiro.subject.support.DelegatingSubject.logout(DelegatingSubject.java:363)
at org.moqui.impl.context.UserFacadeImpl.popUser(UserFacadeImpl.groovy:702)
at org.moqui.impl.context.UserFacadeImpl.logoutUser(UserFacadeImpl.groovy:503)
at org.moqui.context.UserFacade$logoutUser$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
at component___webroot_screen_webroot_Login_xml_transition_logout_actions.run(component___webroot_screen_webroot_Login_xml_transition_logout_actions:8)
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67)
at org.moqui.impl.screen.ScreenDefinition$TransitionItem.run(ScreenDefinition.groovy:731)
at org.moqui.impl.screen.ScreenRenderImpl.recursiveRunTransition(ScreenRenderImpl.groovy:253)
at org.moqui.impl.screen.ScreenRenderImpl.recursiveRunTransition(ScreenRenderImpl.groovy:247)
at org.moqui.impl.screen.ScreenRenderImpl.internalRender(ScreenRenderImpl.groovy:370)
at org.moqui.impl.screen.ScreenRenderImpl.render(ScreenRenderImpl.groovy:159)
at org.moqui.impl.webapp.MoquiServlet.service(MoquiServlet.groovy:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:830)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:193)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1584)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1228)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1553)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1130)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:530)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:318)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:112)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:122)
at org.eclipse.jetty.util.thread.strategy.ExecutingExecutionStrategy.invoke(ExecutingExecutionStrategy.java:58)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:201)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:133)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.lang.Thread.run(Thread.java:745)
00:40:59.341 INFO 787604730-44 o.m.i.s.ScreenRenderImpl Transition Login/logout in 50ms, redirecting to screen path URL: http://localhost:8080
AutoFind.xml does not generate the necessary transitions and does also not create the dialogs in the current version.
I have added some support for this, and I would be happy to publish the code.
I have just created a pull request for review, thx
Oliver
I set up a testcase like this:
<moqui.security.ArtifactGroup artifactGroupId="HIVE_MIND_CLIENT" description="HM CLIENT only (via screen)"/>
<moqui.security.ArtifactGroupMember artifactGroupId="HIVE_MIND_CLIENT" artifactName="component://HiveMind/screen/HiveMindAdmin/Client.xml"
artifactTypeEnumId="AT_XML_SCREEN" inheritAuthz="Y"/>
<moqui.security.ArtifactAuthz artifactAuthzId="HIVE_MIND_CLIENT_USERS" userGroupId="HIVE_MIND_USERS" artifactGroupId="HIVE_MIND_CLIENT"
authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
use user joe.developer, which is only member of HIVE_MIND_USERS group to access to url:
http://localhost:8080/apps/hmadmin/Client/FindClient
Result: access granted
if I switch to Vue screen at:
http://localhost:8080/vapps/hmadmin/Client/FindClient
Error message occurs:
Access Forbidden (403) User joe.developer is not authorized for View on Screen component://HiveMind/screen/HiveMindAdmin.xml
Error log:
22:04:21.388 INFO 787604730-11 o.m.i.s.ScreenRenderImpl vapps/hmadmin/Client/FindClient in 174ms (text/html;charset=utf-8) session node0130qkrrqyn49b1ujhpmww9x9p72
22:04:22.174 INFO 787604730-18 o.moqui.i.w.NotificationEndpoint Notification subscribe user ORG_ZIZI_JD topics [ALL] session 0:0:0:0:0:0:0:1:8080->0:0:0:0:0:0:0:1:63478
22:04:22.268 INFO 787604730-92 o.m.i.s.ScreenRenderImpl Transition menuData/apps/hmadmin/Client/FindClient in 116ms, type none response
22:04:22.314 INFO 787604730-13 o.m.i.e.EntityDbMeta Creating table for moqui.security.ArtifactAuthzFailure pks: [failureId]
22:04:22.343 INFO 787604730-13 o.m.i.e.EntityDbMeta Created table ARTIFACT_AUTHZ_FAILURE for entity moqui.security.ArtifactAuthzFailure in group transactional
22:04:22.364 INFO 787604730-11 o.m.i.s.ScreenRenderImpl Transition apps/my/counts in 91ms, type none response
22:04:22.390 WARN 787604730-13 o.m.i.w.MoquiServlet Web Access Forbidden (no authz): User ORG_ZIZI_JD is not authorized for View on Screen component://HiveMind/screen/HiveMindAdmin.xml
Current artifact info: [name:'component://HiveMind/screen/HiveMindAdmin.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]
Current artifact stack:
[name:'component://webroot/screen/webroot/apps.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]
[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]
22:04:22.433 INFO 787604730-13 o.m.i.s.ScreenRenderImpl error/Forbidden in 43ms (text/html;charset=utf-8) session node0130qkrrqyn49b1ujhpmww9x9p72
header-field also use getFieldValidationClasses, which got same result as field in body.
Vulnerable Library - swagger-uiv2.1.4
Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Library home page: https://github.com/swagger-api/swagger-ui.git
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
swagger-ui response headers are not escaped when generating the curl command, allowing XSS attack
Publish Date: 2016-01-12
URL: WS-2016-0044
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2016-0044
Release Date: 2016-01-12
Fix Resolution: swagger-ui - 2.1.5-M1
Step up your Open Source Security Game with WhiteSource here
The field.header-field.@title attribute is being ignored inside form-single forms, using the default field.@name string instead.
According to pull request moqui/HiveMind#24 , this is not be the correct behavior and should be fixed.
Example of this behavior is in the "AddUserAssignForm" (when clicking on "Add User Assignment"), visible at https://demo.moqui.org/apps/hmadmin/Project/EditUsers?rootWorkEffortId=HM . Two titles have an ignored header-field.@title attribute:
java -jar moqui.warThe selectors at the bottom of the page are all filled, and cannot be changed.
In the vapps path: http://localhost:8080/vapps/tools/Entity/DataExport, the selectors only have one spot toggled. This should be what happens in the qapps path too.
There seems to be an issue with buttons that reside outside the form element on IE (I've tested on IE 11). This issue can be reproduced on IE using the "Test Login (John Doe)" button. I believe this also affects the form-list with multi=true.
Proposed Solution 1:
Include a hidden submit in the form element and reference it outside the form.
<form method="get" action="something.php">
<input type="text" name="name" />
<input type="submit" id="submit-form" class="hidden" />
</form>
<label for="submit-form">Submit</label>
Proposed Solution 2:
Use a JavaScript call instead of the form attribute. I was able to achieve this by setting the button onclick attribute in DefaultScreenMacros.html.ftl.
form="${linkFormId}" onclick="$('#${linkFormId}').submit()"
References:
Vulnerable Library - swagger-uiv2.1.4
Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Library home page: https://github.com/swagger-api/swagger-ui.git
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Swagger-ui has vulnerability when "Produces" and "consumes" Content-types in schema are not escaped and allow XSS
Publish Date: 2016-01-13
URL: WS-2016-0034
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: swagger-api/swagger-ui#1866
Release Date: 2016-01-13
Fix Resolution: v2.1.5
Step up your Open Source Security Game with WhiteSource here
I noticed an error in browser's console. It's related to CombinedBase JS library. Here is the screenshot:
Vulnerable Library - underscore-min-1.7.0.jsJavaScript's functional programming helper library.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.7.0/underscore-min.js
Path to dependency file: /base-component/tools/screen/toolstatic/lib/swagger-ui/index.html
Path to vulnerable library: /base-component/tools/screen/toolstatic/lib/swagger-ui/lib/underscore-min.js,/base-component/tools/screen/toolstatic/lib/swagger-ui/lib/underscore-min.js
Dependency Hierarchy:
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerability Details
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
CVSS 3 Score Details (7.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1,1.13.0-2
Step up your Open Source Security Game with WhiteSource here
I just pull the newest code to try new VueJs features.
When open a wikispace using VueJS, error occurs:
http://localhost:8080/vapps/hm/wiki/DEMOCannot get wiki page info without wikiSpaceId parameter or URL path elementIt's still ok with normal screen (http://localhost:8080/apps/hm/wiki/DEMO)
The code for <#macro "form-single"> is out-of-date:
<#assign formNode = sri.getFtlFormNode(.node["@name"])>
${sri.setSingleFormMapInContext(formNode)}
possible replacement with:
<#assign formInstance = sri.getFormInstance(.node["@name"])>
<#assign formNode = formInstance.getFtlFormNode()>
${sri.pushSingleFormMapContext(formNode)}
I make a CustomScreenMacros.vuet.ftl and config it like this <macro-template type="html,vuet" location="template/screen-macro/CustomScreenMacros.vuet.ftl"/> but it doesn't take effected. after checking the xsd <xs:attribute name="type" type="xs:string" use="required"> <xs:annotation><xs:documentation> Can be anything. Default supported values include: text, html, xsl-fo, xml, and csv. </xs:documentation></xs:annotation> </xs:attribute>
it is not support the vuet mode yet?
Hi David - it looks like your changes might have kicked in the following error
If you install a demo copy of the following components
git clone https://github.com/moqui/moqui-framework.git moqui
git clone https://github.com/moqui/moqui-runtime.git moqui/runtime
git clone https://github.com/moqui/mantle-udm.git runtime/component/mantle-udm
git clone https://github.com/moqui/mantle-usl.git runtime/component/mantle-usl
Then give john.doe permissions to access the Products API
<moqui.security.ArtifactGroup artifactGroupId="PRODUCT_API" description="Product REST API"/>
<moqui.security.ArtifactGroupMember artifactGroupId="PRODUCT_API" artifactName="mantle\.product\..*"
nameIsPattern="Y" artifactTypeEnumId="AT_ENTITY" inheritAuthz="Y"/>
<moqui.security.ArtifactAuthz artifactAuthzId="PRODUCT_AUTHZ_ALL" userGroupId="ADMIN" artifactGroupId="PRODUCT_API"
authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
Now CURL one of the default products
curl -X GET -u john.doe:moqui http://localhost:8080/rest/m1/products/10000
And you get the following error
--- 17:07:55.727 [andlerThread[9]] WARN org.moqui.impl.context.WebFacadeImpl
General error in entity REST: java.lang.NullPointerException
java.lang.NullPointerException
at org.moqui.impl.entity.EntityFindBase.oneMaster(EntityFindBase.groovy:774) ~[moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.entity.EntityFacadeImpl.rest(EntityFacadeImpl.groovy:1274) ~[moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.context.WebFacadeImpl.handleEntityRestCall(WebFacadeImpl.groovy:793) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.context.WebFacade$handleEntityRestCall.call(Unknown Source) [moqui-framework-1.6.3.jar:1.6.3]
at rest_xml_transition_m1_actions.run(rest_xml_transition_m1_actions:5) [script:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.groovy:67) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.screen.ScreenDefinition$TransitionItem.run(ScreenDefinition.groovy:707) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.screen.ScreenRenderImpl.recursiveRunTransition(ScreenRenderImpl.groovy:229) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.screen.ScreenRenderImpl.recursiveRunTransition(ScreenRenderImpl.groovy:223) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.screen.ScreenRenderImpl.internalRender(ScreenRenderImpl.groovy:336) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.screen.ScreenRenderImpl.render(ScreenRenderImpl.groovy:167) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.webapp.MoquiServlet.doScreenRequest(MoquiServlet.groovy:73) [moqui-framework-1.6.3.jar:1.6.3]
at org.moqui.impl.webapp.MoquiServlet.doGet(MoquiServlet.groovy:42) [moqui-framework-1.6.3.jar:1.6.3]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:693) [moqui-1.6.3.war:1.2]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) [moqui-1.6.3.war:1.2]
at net.winstone.core.ServletConfiguration.execute(ServletConfiguration.java:270) [moqui-1.6.3.war:1.7.0]
at net.winstone.core.SimpleRequestDispatcher.forward(SimpleRequestDispatcher.java:290) [moqui-1.6.3.war:1.7.0]
at ntone.core.listener.RequestHandlerThread.processRequest(RequestHandlerThread.java:212) [moqui-1.6.3.war:1.7.0]
at net.winstone.core.listener.RequestHandlerThread.run(RequestHandlerThread.java:143) [moqui-1.6.3.war:1.7.0]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_71]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_71]
at net.winstone.util.BoundedExecutorService$1.run(BoundedExecutorService.java:81) [moqui-1.6.3.war:1.7.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_71]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_71]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_71]
--- 17:07:55.730 [andlerThread[9]] INFO org.moqui.impl.screen.ScreenRenderImpl
Finished transition [rest, m1, products, 10000] in 0.005 seconds; type none response.
Many thanks
Sam
java -jar moqui.warsrc/test/groovy/ToolsTests.groovy ensure apps = "vapps"def "Entity/DataImport test"() testapps = "qapps"def "Entity/DataImport test"() testOn lines 5-7 and lines 8-10, you are running the exact same code with a different file path. Lines 5-7 are running localhost:8080/vapps and lines 8-10 are running localhost:8080/qapps.
The vapps test completes successfully after importing the data, but the qapps test does not. The qapps has a notification that says Error: Server Error (error). It should have done what the vapps test did by sending a notification that says: Submit successful.
While doing some of these tests, I have noticed this kind of message in several areas, but this is the easiest one to pinpoint.
To reproduce:
click Get Forms XML
on screen message pop up: Form data saved
On Web Developer:
Its working fine on /apps.
When opening Service Jobs from Server Admin ...
... the application returns an error:
Error rendering screen [component://tools/screen/System/ServiceJob/Jobs/ServiceJobList.xml]: groovy.lang.MissingMethodException: No signature of method: org.moqui.impl.service.ServiceFacadeImpl.getServiceJobRunner() is applicable for argument types: () values: [] Possible solutions: getServiceRunner(java.lang.String)
At row 53, change parameter-map="[selectedEntity:entityName]" with parameter-map="[selectedEntity:fullEntityName]"
Hi, David,
The below is my code to display the edit form dynamically
I downloaded the new Moqui 1.6.1 framework and executed the gradle load and gradle run commands, everything worked splendidly. Next I added the MySQL JDBC driver to runtime/lib and configured the entity-facade.datasource in MoquiDevConf.xml as follows:
<datasource group-name="transactional" database-conf-name="mysql" schema-name="" startup-add-missing="true"> <inline-jdbc jdbc-uri="jdbc:mysql://127.0.0.1:3306/moqui161?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8" jdbc-username="moqui" jdbc-password="moqui" pool-minsize="2" pool-maxsize="50" /> </datasource>
I then ran gradle load again and encountered the following error on most of the tables:
--- 17:54:40.992 [ main] ERROR org.moqui.impl.entity.EntityDbMeta
SQL Exception while executing the following SQL [CREATE TABLE DATA_SOURCE (DATA_SOURCE_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, DATA_SOURCE_TYPE_ENUM_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, DESCRIPTION VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, LAST_UPDATED_STAMP DATETIME(3), CONSTRAINT PK_DATA_SOURCE PRIMARY KEY (DATA_SOURCE_ID)) ENGINE InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci]: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(3), CONSTRAINT PK_DATA_SOURCE PRIMARY KEY (DATA_SOURCE_ID)) ENGINE InnoDB CHARA' at line 1
This seems to be due to the following configuration:
<database-type type="date-time" sql-type="DATETIME(3)"/>
The only way I was able to move forward was to upgrade to MySQL 5.7.11. What is the minimum MySQL version that Moqui supports?
I tried to make the current version of the project completely chinese version, and this error was thrown during the adjustment process. I tried to find out where the problem was caused based on the error message. The troublesome thing is that the exception information thrown is not given enough. With a clear hint, I cannot easily find the cause of the real error. The only modification I made to the original version is Chinese translate, there is no logic modification, interface modification.
22:13:05.730 ERROR RequireNewTx o.moqui.i.a.XmlAction Error running groovy script (org.moqui.BaseArtifactException: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null):
1 : import static org.moqui.util.ObjectUtilities.*
2 : import static org.moqui.util.CollectionUtilities.*
3 : import static org.moqui.util.StringUtilities.*
4 : import java.sql.Timestamp
5 : // these are in the context by default: ExecutionContext ec, Map<String, Object> context, Map<String, Object> result
6 : if (true) {
7 : org.moqui.entity.EntityValue find_one_result = ec.entity.find("mantle.party.time.TimePeriod")
8 : .condition("timePeriodId", previousPeriodId).one()
9 : if (previousPeriod instanceof Map && !(previousPeriod instanceof org.moqui.entity.EntityValue)) { if (find_one_result) previousPeriod.putAll(find_one_result) } else { previousPeriod = find_one_result }
10 : }
...
22:13:05.732 WARN RequireNewTx o.moqui.i.c.TransactionFacadeImpl Transaction set rollback only. The rollback was originally caused by: Error running service mantle.party.TimeServices.create#TimePeriod (Throwable)
org.moqui.BaseArtifactException: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:537) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:500) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_party_TimeServices_create_TimePeriod.run(mantle_party_TimeServices_create_TimePeriod:172) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_check_NextFiscalTimePeriods.run(mantle_ledger_LedgerServices_check_NextFiscalTimePeriods:92) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_init_PartyAccountingConfiguration.run(mantle_ledger_LedgerServices_init_PartyAccountingConfiguration:214) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$LoadValueHandler.handleService(EntityDataLoaderImpl.groovy:501) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:786) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
at S33f177c1_____partyDetail_pseudoId____t.run(S33f177c1_____partyDetail_pseudoId____t:1) ~[?:?]
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:533) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
... 34 more
22:13:05.757 WARN RequireNewTx o.moqui.i.c.TransactionFacadeImpl Transaction set rollback only for [Error running service mantle.party.TimeServices.create#TimePeriod (Throwable)]. Here is the current location:
org.moqui.BaseException: Set rollback only location
at org.moqui.impl.context.TransactionFacadeImpl.setRollbackOnly(TransactionFacadeImpl.groovy:470) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl.rollback(TransactionFacadeImpl.groovy:423) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:342) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_check_NextFiscalTimePeriods.run(mantle_ledger_LedgerServices_check_NextFiscalTimePeriods:92) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_init_PartyAccountingConfiguration.run(mantle_ledger_LedgerServices_init_PartyAccountingConfiguration:214) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$LoadValueHandler.handleService(EntityDataLoaderImpl.groovy:501) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:786) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
22:13:05.763 WARN RequireNewTx o.moqui.i.s.ServiceCallSyncImpl Error running service mantle.party.TimeServices.create#TimePeriod (Throwable) Artifact stack: mantle.party.TimeServices.create#TimePeriod, mantle.ledger.LedgerServices.check#NextFiscalTimePeriods, mantle.ledger.LedgerServices.init#PartyAccountingConfiguration, loadData
org.moqui.BaseArtifactException: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:537) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:500) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_party_TimeServices_create_TimePeriod.run(mantle_party_TimeServices_create_TimePeriod:172) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_check_NextFiscalTimePeriods.run(mantle_ledger_LedgerServices_check_NextFiscalTimePeriods:92) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at mantle_ledger_LedgerServices_init_PartyAccountingConfiguration.run(mantle_ledger_LedgerServices_init_PartyAccountingConfiguration:214) ~[?:?]
at org.moqui.impl.actions.XmlAction.run(XmlAction.java:67) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.runner.InlineServiceRunner.runService(InlineServiceRunner.java:59) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.callSingle(ServiceCallSyncImpl.java:317) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.service.ServiceCallSyncImpl.call(ServiceCallSyncImpl.java:121) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$LoadValueHandler.handleService(EntityDataLoaderImpl.groovy:501) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:786) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
at S33f177c1_____partyDetail_pseudoId____t.run(S33f177c1_____partyDetail_pseudoId____t:1) ~[?:?]
at org.moqui.impl.context.ResourceFacadeImpl.expand(ResourceFacadeImpl.groovy:533) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
... 34 more
22:13:05.771 ERROR RequireNewTx o.moqui.i.c.MessageFacadeImpl Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
22:13:05.771 ERROR RequireNewTx o.moqui.i.c.MessageFacadeImpl 1
22:13:05.771 INFO RequireNewTx o.moqui.i.e.EntityDataLoaderImpl Called service mantle.ledger.LedgerServices.init#PartyAccountingConfiguration in data load, results: [:]
22:13:05.779 WARN RequireNewTx o.moqui.i.c.TransactionFacadeImpl Transaction rollback. The rollback was originally caused by: Error loading entity data
org.xml.sax.SAXException: Error running service [mantle.ledger.LedgerServices.init#PartyAccountingConfiguration] (line 153): org.moqui.BaseException: Error handling data load service call: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
1
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:790) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) [moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) [moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.call(EntityDataLoaderImpl.groovy) [moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) [moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.call(TransactionFacadeImpl.groovy) [moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at groovy.lang.Closure.run(Closure.java:486) [groovy-2.5.8.jar:2.5.8]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
Caused by: org.moqui.BaseException: Error handling data load service call: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
1
at org.moqui.impl.entity.EntityDataLoaderImpl$LoadValueHandler.handleService(EntityDataLoaderImpl.groovy:508) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:786) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
... 1 more
22:13:05.780 WARN RequireNewTx o.moqui.i.c.TransactionFacadeImpl Transaction rollback for [Error loading entity data]. Here is the current location:
org.moqui.BaseException: Rollback location
at org.moqui.impl.context.TransactionFacadeImpl.rollback(TransactionFacadeImpl.groovy:445) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl.rollback(TransactionFacadeImpl.groovy:421) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:360) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
22:13:05.832 ERROR main .moqui.i.c.ExecutionContextFactoryImpl Error loading empty DB data (with types: all)
org.moqui.BaseException: Error loading entity data from file:/Users/fustic/Workspace/moqui/runtime/component/mantle-usl/data/ZbaOrganizationDemoData.xml
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:361) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at java.lang.Thread.run(Thread.java:745) ~[?:1.8.0_77]
Caused by: org.xml.sax.SAXException: Error running service [mantle.ledger.LedgerServices.init#PartyAccountingConfiguration] (line 153): org.moqui.BaseException: Error handling data load service call: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
1
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:790) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.doCall(EntityDataLoaderImpl.groovy:284) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$_internalRun_closure1.call(EntityDataLoaderImpl.groovy) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.doCall(TransactionFacadeImpl.groovy:198) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.context.TransactionFacadeImpl$_runRequireNew_closure1.call(TransactionFacadeImpl.groovy) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at groovy.lang.Closure.run(Closure.java:486) ~[groovy-2.5.8.jar:2.5.8]
... 1 more
Caused by: org.moqui.BaseException: Error handling data load service call: Error in string expression ["""${partyDetail.pseudoId} ${timePeriodType.periodPurposeEnumId[0]}Y${fromLocalDate.getYear()}${timePeriodType?.lengthUomId!='TF_yr'?(timePeriodType.description.split('(?=[A-Z])')[1][0].toLowerCase())+(periodNum as String).padLeft(2,'0'):''}"""] from null
1
at org.moqui.impl.entity.EntityDataLoaderImpl$LoadValueHandler.handleService(EntityDataLoaderImpl.groovy:508) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.moqui.impl.entity.EntityDataLoaderImpl$EntityXmlHandler.endElement(EntityDataLoaderImpl.groovy:786) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) ~[?:1.8.0_77]
at org.moqui.impl.entity.EntityDataLoaderImpl.loadSingleFile(EntityDataLoaderImpl.groovy:311) ~[moqui-framework-3.0.0-rc2.jar:3.0.0-rc2]
... 3 more
22:13:05.833 WARN main o.moqui.Moqui Data loaded into empty DB, re-initializing ExecutionContextFactory
In the MoquiDevConf.xml
<cache name="entity.data.feed.info" expire-time-idle="30"/>
and there is a checking in the EntityDataFeed.rebuildDataFeedEntityInfo()
if (System.currentTimeMillis() < (lastRebuildTime + 60000)) return
When the cache is expired and rebuildDataFeedEntityInfo is excuted, it will just return and the document data won't be indexed
Vulnerable Library - handlebars-2.0.0.min.jsHandlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0/handlebars.min.js
Path to dependency file: /base-component/tools/screen/toolstatic/lib/swagger-ui/index.html
Path to vulnerable library: /base-component/tools/screen/toolstatic/lib/swagger-ui/lib/handlebars-2.0.0.js,/base-component/tools/screen/toolstatic/lib/swagger-ui/lib/handlebars-2.0.0.js
Dependency Hierarchy:
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerability Details
Handlebars.js before 4.1.0 has Remote Code Execution (RCE)
Publish Date: 2019-01-30
URL: WS-2019-0103
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: handlebars-lang/handlebars.js@edc6220
Release Date: 2019-01-30
Fix Resolution: 4.1.0
Step up your Open Source Security Game with WhiteSource here
The create transition in FindDbView does not check if an entity with the same name already exists. We had a production instance where the customer unknowingly created a DbView with a name matching that of an existing entity and moqui started behaving funny.
I downloaded the new Moqui 1.6.1 framework and executed the gradle load and gradle run commands, everything worked splendidly. Next I added the MySQL JDBC driver to runtime/lib and configured the entity-facade.datasource in MoquiDevConf.xml as follows:
<datasource group-name="transactional" database-conf-name="mysql" schema-name="" startup-add-missing="true"> <inline-jdbc jdbc-uri="jdbc:mysql://127.0.0.1:3306/moqui161?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8" jdbc-username="moqui" jdbc-password="moqui" pool-minsize="2" pool-maxsize="50" /> </datasource>
I then ran gradle load again and encountered the following error:
--- 17:25:01.816 [ main] ERROR org.moqui.impl.entity.EntityDbMeta
SQL Exception while executing the following SQL [CREATE TABLE EMAIL_MESSAGE (EMAIL_MESSAGE_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, ROOT_EMAIL_MESSAGE_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, PARENT_EMAIL_MESSAGE_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, STATUS_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, EMAIL_TYPE_ENUM_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, SENT_DATE DATETIME(3), RECEIVED_DATE DATETIME(3), SUBJECT VARCHAR(4095) CHARACTER SET utf8 COLLATE utf8_general_ci, BODY LONGTEXT CHARACTER SET utf8 COLLATE utf8_general_ci, NOTE VARCHAR(4095) CHARACTER SET utf8 COLLATE utf8_general_ci, HEADERS_STRING LONGTEXT CHARACTER SET utf8 COLLATE utf8_general_ci, FROM_ADDRESS VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, TO_ADDRESSES VARCHAR(4095) CHARACTER SET utf8 COLLATE utf8_general_ci, CC_ADDRESSES VARCHAR(4095) CHARACTER SET utf8 COLLATE utf8_general_ci, BCC_ADDRESSES VARCHAR(4095) CHARACTER SET utf8 COLLATE utf8_general_ci, CONTENT_TYPE VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, MESSAGE_ID VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, FROM_USER_ID VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, TO_USER_ID VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci, EMAIL_TEMPLATE_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, EMAIL_SERVER_ID VARCHAR(40) CHARACTER SET utf8 COLLATE utf8_general_ci, LAST_UPDATED_STAMP DATETIME(3), CONSTRAINT PK_EMAIL_MESSAGE PRIMARY KEY (EMAIL_MESSAGE_ID)) ENGINE InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci]: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Row size too large. The maximum row size for the used table type, not counting BLOBs, is 65535. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs
--- 17:25:01.816 [ main] WARN moqui.impl.context.TransactionFacadeImpl
Rollback only not set on current transaction, status is STATUS_NO_TRANSACTION
--- 17:25:01.817 [ main] INFO org.moqui.impl.entity.EntityDbMeta
Created table [EMAIL_MESSAGE] for entity [moqui.basic.email.EmailMessage]
The only way I was able to proceed was to override the database-list.database configuration in MoquiDevConf.xml as follows:
<database name="mysql" join-style="ansi-no-parenthesis" offset-style="limit" table-engine="InnoDB" character-set="utf8" collate="utf8_general_ci" default-isolation-level="ReadCommitted" default-jdbc-driver="com.mysql.jdbc.Driver" default-xa-ds-class="com.mysql.jdbc.jdbc2.optional.MysqlXADataSource" default-test-query="SELECT 1"> <database-type type="text-long" sql-type="TEXT"/> </database>
Vulnerable Library - swagger-uiv2.1.4
Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Library home page: https://github.com/swagger-api/swagger-ui.git
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
swagger-ui has XSS in key names
Publish Date: 2019-12-20
URL: CVE-2016-1000229
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/126
Release Date: 2019-07-11
Fix Resolution: 2.2.1
Step up your Open Source Security Game with WhiteSource here
drop-down with sever-search enabled dynamic-options throw js error when item selected.
Error is from MoquiLib.js
// custom event handler: programmatically trigger validation
$(function() { $('.select2-hidden-accessible').on('select2:select', function(evt) { $(evt.params.data.element).valid(); }); });
Because evt.params.data.element is undefined.
I config the production mode as flows
and the Qz component is not displayed in the WebrootVue.vuet.ftl
Vulnerable Library - handlebars-2.0.0.min.jsHandlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/2.0.0/handlebars.min.js
Path to dependency file: /base-component/tools/screen/toolstatic/lib/swagger-ui/index.html
Path to vulnerable library: /base-component/tools/screen/toolstatic/lib/swagger-ui/lib/handlebars-2.0.0.js,/base-component/tools/screen/toolstatic/lib/swagger-ui/lib/handlebars-2.0.0.js
Dependency Hierarchy:
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerability Details
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Publish Date: 2019-12-20
URL: CVE-2019-19919
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1164
Release Date: 2019-12-20
Fix Resolution: 4.3.0
Step up your Open Source Security Game with WhiteSource here
selected a month in the DateTimePicker , month display is incorrect
Vulnerable Library - swagger-uiv2.1.4
Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
Library home page: https://github.com/swagger-api/swagger-ui.git
Found in HEAD commit: f5e5c8ccc2d14a1a2f4657ec2306e20c51039f21
Found in base branch: master
Vulnerable Source Files (1)
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to not escaping html script tags.
Publish Date: 2016-09-01
URL: WS-2017-0143
CVSS 3 Score Details (5.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: swagger-api/swagger-ui#2374
Release Date: 2016-09-01
Fix Resolution: 2.2.3
Step up your Open Source Security Game with WhiteSource here
This occurs in dialog, opened as modal (dialog).
After I fill the value in the first dropdown using keyboard (search party, then hit Enter to confirm the selection), the field focus is lost (I would expect the focus to jump to the next field on the dialog). But when I hit TAB, the fields on the parent form are focused instead (starting with icon as seen on the screenshot).
If I want to get back on the next field in the dialog, I have to TAB over all items on the parent. This makes use of keyboard quite ineffective.
Can I set the tab index of the fields somehow?
I have defined a field
type="number-decimal" not-null="false"
With a user and local="en" this works correctly: 1.23 get 1.23 ... and so on ...
When I change the locale to "de" ... and put in 1**,**23 geht an error:
When I enter 1.23, it becomes 123 witout decimal places ...
I am using Moqui 2.1.1RC ...
What am I doing wrong?
The datetime picker in modal dialog works correctly, when custom format is not applied. When I set the format to custom, it stops working.
This one is not working:
This one is working: Format not defined.
When I define a form-single and extends from another form and use owner-form to submit,I found that the extends form part is disabled.
And I think it maybe change in DefaultScreenMarcros.html.ftl(line 578) and DefaultScreenMarcros.vuet.ftl(line 371) with the code below:
<fieldset class="form-horizontal"<#if urlInstance.disableLink> disabled="disabled"</#if>>
change to
<fieldset class="form-horizontal"<#if !urlInstance.disableLink || ownerForm?has_content> <#else>disabled="disabled"</#if>>
If a screen use as decorator of subscreens, it will not listed in header menus, but in vuejs mode, it will listed in menu.
When multiple form-lists in same screen.
Only Find button in first-list's header dialog can click.
Click Find button of following form-list don't submit form.
And the orderBy fields of other header dialogs showing default-order-by of first form-list.
Hi David,
Just found that if you are trying to test out an API on the demo server then you get a mixed content error message and it wont process:
swagger-ui.min.js:10 Mixed Content: The page at 'https://demo.moqui.org/assets/lib/swagger-ui/index.html?url=https://demo.moqui.org/rest/service.swagger/example#!/examples/post_examples' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://demo.moqui.org:443/rest/s1/example/examples'. This request has been blocked; the content must be served over HTTPS.
Thanks
Sam
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.