dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 12973: escape dataValue if type is string in data-entry

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Tue, 19 Nov 2013 13:46:32 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 12973
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2013-11-19 14:45:37 +0100
message:
  escape dataValue if type is string in data-entry
modified:
  dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/SaveValueAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/SaveValueAction.java'
--- dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/SaveValueAction.java	2013-09-27 12:55:38 +0000
+++ dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/SaveValueAction.java	2013-11-19 13:45:37 +0000
@@ -29,7 +29,7 @@
  */
 
 import com.opensymphony.xwork2.Action;
-
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -141,7 +141,7 @@
     {
         this.periodId = periodId;
     }
-    
+
     // -------------------------------------------------------------------------
     // Output
     // -------------------------------------------------------------------------
@@ -172,33 +172,33 @@
         {
             return logError( "Invalid organisation unit identifier: " + organisationUnitId );
         }
-        
+
         DataElement dataElement = dataElementService.getDataElement( dataElementId );
 
         if ( dataElement == null )
         {
             return logError( "Invalid data element identifier: " + dataElementId );
         }
-        
+
         DataElementCategoryOptionCombo optionCombo = categoryService.getDataElementCategoryOptionCombo( optionComboId );
 
         if ( optionCombo == null )
         {
             return logError( "Invalid category option combo identifier: " + optionComboId );
         }
-        
+
         String storedBy = currentUserService.getCurrentUsername();
 
         Date now = new Date();
 
         value = StringUtils.trimToNull( value );
-        
+
         // ---------------------------------------------------------------------
         // Validate value according to type from data element
         // ---------------------------------------------------------------------
 
         String valid = ValidationUtils.dataValueIsValid( value, dataElement );
-        
+
         if ( valid != null )
         {
             return logError( valid, 3 );
@@ -219,6 +219,11 @@
 
         DataValue dataValue = dataValueService.getDataValue( organisationUnit, dataElement, period, optionCombo );
 
+        if ( DataElement.VALUE_TYPE_STRING.equals( dataElement.getType() ) )
+        {
+            value = StringEscapeUtils.escapeJavaScript( value );
+        }
+
         if ( dataValue == null )
         {
             if ( value != null )