dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 6114: Fixed npe vulnerability

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Sun, 26 Feb 2012 21:21:12 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 6114
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2012-02-26 22:19:49 +0100
message:
  Fixed npe vulnerability
modified:
  dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/report/impl/DefaultReportService.java
  dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/reporttable/impl/DefaultReportTableService.java
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/JRExportUtils.java
  dhis-2/dhis-web/dhis-web-reporting/src/main/java/org/hisp/dhis/reporting/reportviewer/action/RenderReportAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/report/impl/DefaultReportService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/report/impl/DefaultReportService.java	2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/report/impl/DefaultReportService.java	2012-02-26 21:19:49 +0000
@@ -157,7 +157,8 @@
                 try
                 {
                     print = JasperFillManager.fillReport( jasperReport, params, connection );
-                } finally
+                } 
+                finally
                 {
                     connection.close();
                 }
@@ -167,7 +168,8 @@
             {
                 JRExportUtils.export( type, out, print );
             }
-        } catch ( Exception ex )
+        } 
+        catch ( Exception ex )
         {
             throw new RuntimeException( "Failed to render report", ex );
         }

=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/reporttable/impl/DefaultReportTableService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/reporttable/impl/DefaultReportTableService.java	2012-02-20 10:20:01 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/reporttable/impl/DefaultReportTableService.java	2012-02-26 21:19:49 +0000
@@ -305,7 +305,8 @@
         // Parent organisation unit report parameter
         // ---------------------------------------------------------------------
 
-        if ( reportTable.getReportParams() != null && reportTable.getReportParams().isParamParentOrganisationUnit() )
+        if ( reportTable.getReportParams() != null && 
+            reportTable.getReportParams().isParamParentOrganisationUnit() )
         {
             OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( organisationUnitId );
             organisationUnit.setCurrentParent( true );
@@ -320,7 +321,8 @@
         // Organisation unit report parameter
         // ---------------------------------------------------------------------
 
-        if ( reportTable.getReportParams() != null && reportTable.getReportParams().isParamOrganisationUnit() )
+        if ( reportTable.getReportParams() != null && 
+            reportTable.getReportParams().isParamOrganisationUnit() )
         {
             OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( organisationUnitId );
             reportTable.getRelativeUnits().add( organisationUnit );

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/JRExportUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/JRExportUtils.java	2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/JRExportUtils.java	2012-02-26 21:19:49 +0000
@@ -58,11 +58,16 @@
     public static void export( String type, OutputStream out, JasperPrint jasperPrint )
         throws JRException
     {
-        JRAbstractExporter exporter = exporters.get( type ).provide();
+        JRExportProvider provider = exporters.get( type );
         
-        exporter.setParameter( JRExporterParameter.OUTPUT_STREAM, out );
-        exporter.setParameter( JRExporterParameter.JASPER_PRINT, jasperPrint );
-        exporter.exportReport();
+        if ( provider != null )
+        {
+            JRAbstractExporter exporter = provider.provide();
+            
+            exporter.setParameter( JRExporterParameter.OUTPUT_STREAM, out );
+            exporter.setParameter( JRExporterParameter.JASPER_PRINT, jasperPrint );
+            exporter.exportReport();
+        }
     }
     
     private interface JRExportProvider

=== modified file 'dhis-2/dhis-web/dhis-web-reporting/src/main/java/org/hisp/dhis/reporting/reportviewer/action/RenderReportAction.java'
--- dhis-2/dhis-web/dhis-web-reporting/src/main/java/org/hisp/dhis/reporting/reportviewer/action/RenderReportAction.java	2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-web/dhis-web-reporting/src/main/java/org/hisp/dhis/reporting/reportviewer/action/RenderReportAction.java	2012-02-26 21:19:49 +0000
@@ -28,6 +28,7 @@
  */
 
 import static org.apache.commons.lang.StringUtils.defaultIfEmpty;
+import static org.apache.commons.lang.StringUtils.trimToEmpty;
 
 import java.io.OutputStream;
 import java.util.Date;
@@ -109,7 +110,7 @@
     protected String execute( HttpServletResponse response, OutputStream out )
         throws Exception
     {
-        type = defaultIfEmpty( type, DEFAULT_TYPE );
+        type = defaultIfEmpty( trimToEmpty( type ), DEFAULT_TYPE );
         
         Report report = reportService.getReport( id );