[Branch ~dhis2-devs-core/dhis2/trunk] Rev 6719: Protecting in-queries from invalid input in data value store
------------------------------------------------------------
revno: 6719
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2012-04-24 12:28:06 +0200
message:
Protecting in-queries from invalid input in data value store
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/datavalue/hibernate/HibernateDataValueStore.java
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetAvailablePeriodsAction.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/datavalue/hibernate/HibernateDataValueStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/datavalue/hibernate/HibernateDataValueStore.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/datavalue/hibernate/HibernateDataValueStore.java 2012-04-24 10:28:06 +0000
@@ -213,7 +213,12 @@
public Collection<DataValue> getDataValues( Collection<OrganisationUnit> sources, DataElement dataElement )
{
Session session = sessionFactory.getCurrentSession();
-
+
+ if ( sources == null || sources.isEmpty() )
+ {
+ return Collections.emptySet();
+ }
+
Criteria criteria = session.createCriteria( DataValue.class );
criteria.add( Restrictions.in( "source", sources ) );
criteria.add( Restrictions.eq( "dataElement", dataElement ) );
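Review bot: The new guard in `getDataValues` sits after `sessionFactory.getCurrentSession()`, so the session is still fetched when the method is about to return without querying; the hunk at -342/+357 has the same ordering. Moving `if ( sources == null || sources.isEmpty() )` above the `Session session = ...` line keeps the argument check first. The guard also returns `Collections.emptySet()`, which is immutable, while the guards added further down return `new HashSet<DataValue>()`; a caller that adds to the result would behave differently depending on which method it called, so one form should be used throughout. The method body continues outside the hunk.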
@@ -226,7 +231,7 @@
{
Period storedPeriod = periodStore.reloadPeriod( period );
- if ( storedPeriod == null )
+ if ( storedPeriod == null || dataElements == null || dataElements.isEmpty() )
{
return Collections.emptySet();
}
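Review bot: The `dataElements` checks are joined onto the `storedPeriod == null` test, so they run only after `periodStore.reloadPeriod( period )` has been called; the next two hunks do the same with `optionCombos` and `sources`. Checking the collection arguments first, e.g. `if ( dataElements == null || dataElements.isEmpty() ) { return Collections.emptySet(); }` as the opening statement, would skip what is presumably a store lookup for input that cannot match anything. It would also shorten the five-clause condition in the following hunk. The method signature is outside the hunk.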
@@ -247,7 +252,7 @@
{
Period storedPeriod = periodStore.reloadPeriod( period );
- if ( storedPeriod == null )
+ if ( storedPeriod == null || dataElements == null || dataElements.isEmpty() || optionCombos == null || optionCombos.isEmpty() )
{
return Collections.emptySet();
}
@@ -269,7 +274,7 @@
{
Period storedPeriod = periodStore.reloadPeriod( period );
- if ( storedPeriod == null )
+ if ( storedPeriod == null || sources == null || sources.isEmpty() )
{
return new HashSet<DataValue>();
}
@@ -300,6 +305,11 @@
}
}
+ if ( storedPeriods.isEmpty() || sources == null || sources.isEmpty() )
+ {
+ return new HashSet<DataValue>();
+ }
+
Session session = sessionFactory.getCurrentSession();
Criteria criteria = session.createCriteria( DataValue.class );
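Review bot: Nothing in the added block says why an empty `storedPeriods` or `sources` must short-circuit, and the same block is repeated in the next hunk. A one-line comment above the `if`, such as `// An empty in-restriction can produce invalid SQL, so return before building the criteria`, would record the reason the commit message gives. The method Javadoc, which is outside the hunk, should also state that null or empty input yields an empty set rather than an exception.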
@@ -326,6 +336,11 @@
}
}
+ if ( storedPeriods.isEmpty() || sources == null || sources.isEmpty() )
+ {
+ return new HashSet<DataValue>();
+ }
+
Session session = sessionFactory.getCurrentSession();
Criteria criteria = session.createCriteria( DataValue.class );
@@ -342,6 +357,11 @@
{
Session session = sessionFactory.getCurrentSession();
+ if ( optionCombos == null || optionCombos.isEmpty() )
+ {
+ return new HashSet<DataValue>();
+ }
+
Criteria criteria = session.createCriteria( DataValue.class );
criteria.add( Restrictions.in( "optionCombo", optionCombos ) );
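Review bot: The guard before `Restrictions.in( "optionCombo", optionCombos )` rejects only null and empty collections, so a collection holding null elements or a very large number of entries still reaches the in-restriction unchanged. Some databases cap the number of IN-list elements or bind parameters, so if callers can pass unbounded collections (not visible here) the query can still fail at runtime. Consider recording the constraint with a comment like `// NOTE: optionCombos goes into a single IN clause; callers must keep it below the database limit`, or splitting the collection into batches in a follow-up. The method body continues outside the hunk.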
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetAvailablePeriodsAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetAvailablePeriodsAction.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetAvailablePeriodsAction.java 2012-04-24 10:28:06 +0000
@@ -100,7 +100,8 @@
Calendar cal = PeriodType.createCalendarInstance();
// Cannot go to next year if current year equals this year
- if ( !(currentYear == thisYear && year > 0) )
+
+ if ( !( currentYear == thisYear && year > 0 ) )
{
cal.set( Calendar.YEAR, currentYear );
cal.add( Calendar.YEAR, year );