1. 20 Feb, 2017 1 commit
    • Arnaud Fontaine's avatar
      Portal Type as Classes: Fix memory leak: reset erp5.* classes were never GC (#20170126-19C38D8). · 97c6b129
      Arnaud Fontaine authored
      zope.{interface,component} implement Interfaces through __implements__,
      __implemented__ (both implementedBy instances) and __provides__ (ClassProvides
      instance) attributes set on the class itself through implementedByFallback
      (zope.interface.declarations).
      
      However, this implementation creates circular references by referencing the
      class itself and thus erp5.* classes (and all its Accessors instances) were
      never GC even after a reset.
      
      When running testXHTML and installing the Unit Tests bt5s:
        * After 10 resets:  21MB leak (~  7% of Zope process USS).
        * After 20 resets:  70MB leak (~ 18% of Zope process USS).
        * After 28 resets: 122MB leak (~ 26% of Zope process USS).
      97c6b129
  2. 10 Nov, 2016 1 commit
    • Arnaud Fontaine's avatar
      Backport: Base_callDialogMethod: Do not redirect when form has a password field. · 8cc8fb5d
      Arnaud Fontaine authored
      If it is the case *and* the action script does not redirect, the password will be
      in user's browser history.
      There can be two different reasons to not redirect:
      - not following the API (ie, intentionally not redirecting)
      - letting an exception reach ZPublisher
      Also, if the non-redirection causes an HTML page to be rendered, resources
      loaded by that page will have a referrer containing the password, leaking it
      to potentially foreign servers.
      8cc8fb5d
  3. 04 Nov, 2016 2 commits
  4. 21 Oct, 2016 2 commits
    • Arnaud Fontaine's avatar
      Backport 6fd21826 ListBox fix from master branch (#KMS-819). · 78445246
      Arnaud Fontaine authored
      ListBox: Navigation methods should not be created when rendering ListBox (#20161014-741678).
      
      These methods were generated when rendering the ListBox and with the id
      of the ListBox in their name. However, a customer reported the following
      problem on Accounting Periods ListBox:
      
        1. Display Accounting Period ListBox on ZEO-1.
             => The ListBox will be rendered and 'listbox_period_list_*' methods will be generated on ZEO-1.
        2.  Click on 'Next Page' button and the user is redirect to ZEO-2 where the ListBox has never been generated.
             => The method does not exist yet and thus a 404 error is raised.
      
      Instead of having one method per ListBox ID, only one is now created (eg
      listbox_setPage() for SelectionTool.setPage()) at Zope startup and the
      ListBox ID previously defined in the method name is now defined in the
      value attributes of the buttons.
      78445246
    • Arnaud Fontaine's avatar
      Portal Type as Classes: Fix memory leak: Workflow method list was never... · 3ecb8c85
      Arnaud Fontaine authored
      Portal Type as Classes: Fix memory leak: Workflow method list was never emptied and thus reset Workflow Methods were never GC.
      3ecb8c85
  5. 04 Apr, 2016 1 commit
    • Julien Muchembled's avatar
      Fix memory leak and DoS in ERP5Site.log() and Base.log() · 34cb27f2
      Julien Muchembled authored
      ERP5Site.log and Base.log are wrappers to the 'log' function from
      Product.ERP5Type.Log, but parameters were forwarded in a wrong way
      when called with a single argument:
      
        self.log(message) # Base method
      
      This was equivalent to:
      
        log(message, '')  # function from Product.ERP5Type.Log
      
      And the whole message was later part of subsystem in:
      
        logger = logging.getLogger(subsystem)
      
      But because loggers are never freed, it is important that 'subsystem' does not
      vary too often, to avoid a memory leak.
      
      The fix is to simply forwarding parameters with catchall arguments, instead of
      duplicating the signature from Product.ERP5Type.Log.
      
      Of course, it remains important to call these methods correctly, otherwise
      memory leaks can happen again. For this reason, catchall arguments also
      prevents ERP5Site.log and Base.log to be called by ZPublisher.
      Reported-by: Kirill Smelkov's avatarKirill Smelkov <kirr@nexedi.com>
      Reviewed-by: Kirill Smelkov's avatarKirill Smelkov <kirr@nexedi.com>
      34cb27f2
  6. 10 Jun, 2015 1 commit
  7. 25 Nov, 2014 2 commits
  8. 05 Nov, 2014 1 commit
  9. 22 Sep, 2014 1 commit
  10. 05 Sep, 2014 1 commit
  11. 04 Sep, 2014 1 commit
  12. 25 Aug, 2014 2 commits
  13. 29 Jul, 2014 1 commit
  14. 06 Mar, 2014 1 commit
  15. 13 Dec, 2013 1 commit
  16. 12 Dec, 2013 1 commit
    • Arnaud Fontaine's avatar
      Support properly HTML5 implicit form submission. · 2ceffaa9
      Arnaud Fontaine authored
      From Chromium 31, pressing enter key to select ListBox page submit the form
      through JS (submitFormOnEnter) *and* wrongly on the default button, at the end
      following HTML5 behavior (4.10.22.2 Implicit submission).
      
      Conflicts:
      	product/ERP5/bootstrap/erp5_xhtml_style/bt/change_log
      	product/ERP5/bootstrap/erp5_xhtml_style/bt/revision
      2ceffaa9
  17. 31 Oct, 2013 1 commit
    • Arnaud Fontaine's avatar
      Portal Type as Classes, ZODB Property Sheets: Ensure that they are reset on · 86fc5cb4
      Arnaud Fontaine authored
      other ZEO clients even if ZODB Components are not.
      
      Steps to reproduce:
      
        1/ On zope1, view and edit a person to make sure class is fully loaded.
        2/ On zope2 add an interaction in person_interaction_workflow and add a script raising an exception.
        3/ Edit a person on zope2. The exception is raised, confirming that the interaction is called.
      
        When editing a person on zope1, the exception is not raised.
      86fc5cb4
  18. 29 Oct, 2013 1 commit
    • Tatuya Kamada's avatar
      AccessTab: Fix an accesstab front page caching problem. · 5d6af31e
      Tatuya Kamada authored
      Fix a problem that access-tab-front-page wrongly caching old page, for example,
      even if a user switching to use 'https' from 'http', old 'http' links are
      remaining at the front page.
      
      That was because the key of the CachingMethod which was used for caching the
      page was ('user' and 'language').
      Now the caching key is ('user', 'language' and 'site_url').
      5d6af31e
  19. 13 Sep, 2013 1 commit
  20. 05 Sep, 2013 1 commit
  21. 21 Aug, 2013 1 commit
  22. 19 Aug, 2013 7 commits
  23. 09 Aug, 2013 3 commits
  24. 08 Aug, 2013 5 commits