[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10785: Mobile, improved potential dirty-check vulnerability
------------------------------------------------------------
revno: 10785
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-05-09 18:53:27 +0200
message:
Mobile, improved potential dirty-check vulnerability
modified:
dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/FacilityReportingServiceImpl.java
dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/ModelMapping.java
dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dataentry/action/GetSectionFormAction.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/FacilityReportingServiceImpl.java'
--- dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/FacilityReportingServiceImpl.java 2013-04-10 03:13:47 +0000
+++ dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/FacilityReportingServiceImpl.java 2013-05-09 16:53:27 +0000
@@ -38,6 +38,7 @@
import java.util.Map;
import java.util.Set;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.api.mobile.FacilityReportingService;
@@ -232,17 +233,13 @@
ds.setId( dataSet.getId() );
- // Name defaults to short name with fallback to name if empty
- String name = dataSet.getShortName();
- if ( emptyString( name ) )
- {
- name = dataSet.getName();
- }
+ String name = StringUtils.defaultIfEmpty( dataSet.getName(), dataSet.getShortName() );
ds.setName( name );
-
ds.setVersion( 1 );
+
Integer version = dataSet.getVersion();
+
if ( version != null )
{
ds.setVersion( version );
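Review bot: The new `StringUtils.defaultIfEmpty( dataSet.getName(), dataSet.getShortName() )` reverses the precedence that the removed code and its comment described: mobile clients used to receive the short name with the name as fallback, and now receive the full name first. If that is not intended, the arguments should be swapped: `String name = StringUtils.defaultIfEmpty( dataSet.getShortName(), dataSet.getName() );`. If it is intended, a comment such as `// Name defaults to name with fallback to short name if empty` would record the change, since the commit message does not mention it. The enclosing method starts and ends outside the hunk.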
@@ -262,7 +259,8 @@
Collections.sort( dataElements, dataElementComparator );
- // Fake Section to store Data Elements
+ // Fake section to store data elements
+
Section section = new Section();
section.setId( 0 );
section.setName( "" );
@@ -271,27 +269,31 @@
}
else
{
- for ( org.hisp.dhis.dataset.Section s : sections )
+ for ( org.hisp.dhis.dataset.Section sec : sections )
{
-
Section section = new Section();
- section.setId( s.getId() );
- section.setName( s.getName() );
+ section.setId( sec.getId() );
+ section.setName( sec.getName() );
- // Remove grey fields(in order to not display them on mobile)
- List<DataElement> dataElementList = getDataElements( locale, s.getDataElements() );
+ List<org.hisp.dhis.dataelement.DataElement> des = new ArrayList<org.hisp.dhis.dataelement.DataElement>( sec.getDataElements() );
+
+ // Remove grey fields in order to not display them on mobile
+
+ List<DataElement> dataElementList = getDataElements( locale, des );
List<DataElement> dataElementListFinal = new ArrayList<DataElement>( dataElementList );
int tempI = 0;
+
for ( int i = 0; i < dataElementList.size(); i++ )
{
- if ( isGreyField( s, dataElementList.get( i ).getId() ) )
+ if ( isGreyField( sec, dataElementList.get( i ).getId() ) )
{
dataElementListFinal.remove( i - tempI );
tempI++;
}
}
+
section.setDataElements( dataElementListFinal );
sectionList.add( section );
}
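Review bot: The copy into `des` appears to be the substance of this commit, but it carries no comment saying why it is there, so a later cleanup could pass `sec.getDataElements()` straight through again. Presumably `getDataElements` reorders the list it is given (the `Collections.sort( dataElements, dataElementComparator )` in the previous hunk suggests so). Doing that on the persistent collection could mark the section dirty and let a read-only mobile request write back to the database on flush. I would add above the copy something like `// Copy so that sorting does not touch the persistent collection and trigger a dirty-check update`. The enclosing method starts outside the hunk.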
@@ -311,10 +313,12 @@
DataElement de = modelMapping.getDataElement( dataElement );
// For facility Reporting, no data elements are mandatory
+
de.setCompulsory( false );
dataElementList.add( de );
}
+
return dataElementList;
}
@@ -356,7 +360,7 @@
continue;
}
- if ( emptyString( dataValue.getValue() ) )
+ if ( StringUtils.isEmpty( dataValue.getValue() ) )
{
log.debug( "Empty data value for data element " + dataValue.getId() + " not saved" );
continue;
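Review bot: `StringUtils.isEmpty` does not trim, so a whitespace-only value sent by a mobile client now passes this guard, whereas the removed `emptyString` helper rejected it. `saveValue` later calls `dv.getValue().trim()`, so such a value would presumably be stored as an empty string rather than skipped. `if ( StringUtils.isBlank( dataValue.getValue() ) )` keeps the old behaviour. The same loss of trimming applies to the `defaultIfEmpty` call on the data set name earlier in this file. The enclosing loop starts and ends outside the hunk.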
@@ -366,8 +370,7 @@
}
- CompleteDataSetRegistration registration = registrationService.getCompleteDataSetRegistration( dataSet, period,
- unit );
+ CompleteDataSetRegistration registration = registrationService.getCompleteDataSetRegistration( dataSet, period, unit );
if ( registration != null )
{
@@ -396,6 +399,7 @@
{
dataElementMap.put( dataElement.getId(), dataElement );
}
+
return dataElementMap;
}
@@ -404,10 +408,8 @@
return unit.getDataSets().contains( dataSet );
}
- private void saveValue( OrganisationUnit unit, Period period, org.hisp.dhis.dataelement.DataElement dataElement,
- DataValue dv )
+ private void saveValue( OrganisationUnit unit, Period period, org.hisp.dhis.dataelement.DataElement dataElement, DataValue dv )
{
-
String value = dv.getValue().trim();
DataElementCategoryOptionCombo cateOptCombo = categoryService.getDataElementCategoryOptionCombo( dv
@@ -434,11 +436,6 @@
// Supportive method
// -------------------------------------------------------------------------
- private boolean emptyString( String value )
- {
- return value == null || value.trim().isEmpty();
- }
-
public Period getPeriod( String periodName, PeriodType periodType )
{
Period period = PeriodUtil.getPeriod( periodName, periodType );
@@ -461,16 +458,15 @@
private boolean isGreyField( org.hisp.dhis.dataset.Section section, int id )
{
- boolean isGrayField = false;
-
for ( DataElementOperand operand : section.getGreyedFields() )
{
if ( id == operand.getDataElement().getId() )
{
- isGrayField = true;
+ return true;
}
}
- return isGrayField;
+
+ return false;
}
// -------------------------------------------------------------------------
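Review bot: `isGreyField` compares only the data element id, so a data element with a single greyed category option combo is dropped from the mobile section entirely. GetSectionFormAction, touched in this same commit, keys greyed fields on data element id plus category option combo id. If hiding the whole element is deliberate for mobile, a Javadoc line on the method would stop it being read as a bug, for example `/** Returns true if any greyed operand in the section refers to the data element, regardless of category option combo. */`.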
@@ -533,9 +529,7 @@
@Override
public Contact updateContactForMobile()
- {
-
- Contact contact = new Contact();
+ { Contact contact = new Contact();
List<String> listOfContacts = new ArrayList<String>();
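Review bot: The added line `{ Contact contact = new Contact();` puts the opening brace and the first statement on one line, which looks like an accidental join and breaks the brace style used elsewhere in this file. It should be `{` on its own line followed by `Contact contact = new Contact();`. The method body continues outside the hunk.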
@@ -551,5 +545,4 @@
return contact;
}
-
}
=== modified file 'dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/ModelMapping.java'
--- dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/ModelMapping.java 2013-03-21 07:12:02 +0000
+++ dhis-2/dhis-services/dhis-service-mobile/src/main/java/org/hisp/dhis/mobile/service/ModelMapping.java 2013-05-09 16:53:27 +0000
@@ -47,11 +47,13 @@
de.setType( dataElement.getType() );
de.setCategoryOptionCombos( getCategoryOptionCombos( dataElement ) );
+
+ // Limit the optionset transfer to the client
+ if ( dataElement.getOptionSet() != null && dataElement.getOptionSet().getOptions().size() <= 50 )
+ {
+ de.setOptionSet( getOptionSet( dataElement ) );
+ }
- //Limit the optionset transfer to the client
- if (dataElement.getOptionSet() != null && dataElement.getOptionSet().getOptions().size() <= 50) {
- de.setOptionSet( getOptionSet( dataElement ) );
- }
return de;
}
@@ -72,7 +74,7 @@
return mobileOptionSet;
}
-
+
public org.hisp.dhis.api.mobile.model.OptionSet getLWUITOptionSet( org.hisp.dhis.dataelement.DataElement dataElement )
{
org.hisp.dhis.option.OptionSet dhisOptionSet = dataElement.getOptionSet();
@@ -109,5 +111,4 @@
}
return deCateOptCombo;
}
-
}
=== modified file 'dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dataentry/action/GetSectionFormAction.java'
--- dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dataentry/action/GetSectionFormAction.java 2013-01-28 09:42:58 +0000
+++ dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dataentry/action/GetSectionFormAction.java 2013-05-09 16:53:27 +0000
@@ -253,9 +253,7 @@
{
for ( DataElementOperand operand : section.getGreyedFields() )
{
- System.out.println("Grey field:" + operand.getDataElement().getId() + ":" + operand.getCategoryOptionCombo().getId());
- greyedFields.put( operand.getDataElement().getId() + ":" + operand.getCategoryOptionCombo().getId(),
- true );
+ greyedFields.put( operand.getDataElement().getId() + ":" + operand.getCategoryOptionCombo().getId(), true );
}
}
}