dhis2-devs team mailing list archive

Thread
Date

[Merge] lp:~dhis2-devs-core/dhis2/dcocos into lp:dhis2

To: mp+192164@xxxxxxxxxxxxxxxxxx, Lars Helge Øverland <larshelge@xxxxxxxxx>
From: Dan Cocos <dan@xxxxxxxxxxxx>
Date: Tue, 22 Oct 2013 14:48:33 -0000
In-reply-to: <20131022144710.5164.90888.launchpad@ackee.canonical.com>
Reply-to: mp+192164@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Dan Cocos has proposed merging lp:~dhis2-devs-core/dhis2/dcocos into lp:dhis2.

Requested reviews:
  Lars Helge Øverland (larshelge)

For more details, see:
https://code.launchpad.net/~dhis2-devs-core/dhis2/dcocos/+merge/192164

When OUs have a single quote in the name they are not properly escaped in JS
This should probably be merged into 2.13 as well.
-- 
https://code.launchpad.net/~dhis2-devs-core/dhis2/dcocos/+merge/192164
Your team DHIS 2 developers is subscribed to branch lp:dhis2.

=== modified file 'dhis-2/dhis-web/dhis-web-caseentry/src/main/webapp/dhis-web-caseentry/selectPatient.vm'
--- dhis-2/dhis-web/dhis-web-caseentry/src/main/webapp/dhis-web-caseentry/selectPatient.vm	2013-10-15 10:10:06 +0000
+++ dhis-2/dhis-web/dhis-web-caseentry/src/main/webapp/dhis-web-caseentry/selectPatient.vm	2013-10-22 14:46:59 +0000
@@ -127,10 +127,10 @@
 	#if( $status == 1 )
 		setFieldValue('selectedOrgunitText', i18n_please_select_village );
 	#elseif( $status == 2 )
-		setFieldValue('selectedOrgunitText', '$organisationUnit.name' );
+		setFieldValue('selectedOrgunitText', '$esc($organisationUnit.name)' );
 		enable('listPatientBtn');
 	#else
-		setFieldValue('selectedOrgunitText', '$organisationUnit.name' );
+		setFieldValue('selectedOrgunitText', '$esc($organisationUnit.name)' );
 		enable('listPatientBtn');
 		showById('searchDiv');
 	#end

=== modified file 'dhis-2/dhis-web/dhis-web-sms/src/main/webapp/dhis-web-sms/sendBeneficiarySMSPage.vm'
--- dhis-2/dhis-web/dhis-web-sms/src/main/webapp/dhis-web-sms/sendBeneficiarySMSPage.vm	2013-09-04 10:01:16 +0000
+++ dhis-2/dhis-web/dhis-web-sms/src/main/webapp/dhis-web-sms/sendBeneficiarySMSPage.vm	2013-10-22 14:46:59 +0000
@@ -165,9 +165,11 @@
 	#if( $status == 1 )
 		setFieldValue('selectedOrgunitText', i18n_please_select_village );
 	#elseif( $status == 2 )
-		setFieldValue('selectedOrgunitText', '$organisationUnit.name' );
+		setFieldValue('selectedOrgunitText', '$esc($organisationUnit.name)' );
+		enable('listPatientBtn');
 	#else
-		setFieldValue('selectedOrgunitText', '$organisationUnit.name' );
+		setFieldValue('selectedOrgunitText', '$esc($organisationUnit.name)' );
+		enable('listPatientBtn');
 		showById('searchDiv');
 	#end	
 </script>
\ No newline at end of file

References

[Merge] lp:~dhis2-devs-core/dhis2/dcocos into lp:dhis2
From: Dan Cocos, 2013-10-22