← Back to team overview

dhis2-devs team mailing list archive

  1. dhis2-devs team
  2. Mailing list archive
  3. Message #31574

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16112: ER EV filter items vulnerability fixed.

  Thread PreviousDate PreviousThread Next 
Merge authors:
  Jan Henrik Øverland (janhenrik-overland)
------------------------------------------------------------
revno: 16112 [merge]
committer: Jan Henrik Overland <janhenrik.overland@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2014-07-13 10:40:48 +0200
message:
  ER EV filter items vulnerability fixed.
modified:
  dhis-2/dhis-web/dhis-web-event-reports/src/main/webapp/dhis-web-event-reports/app/scripts/core.js
  dhis-2/dhis-web/dhis-web-event-visualizer/src/main/webapp/dhis-web-event-visualizer/app/scripts/core.js


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-event-reports/src/main/webapp/dhis-web-event-reports/app/scripts/core.js'
--- dhis-2/dhis-web/dhis-web-event-reports/src/main/webapp/dhis-web-event-reports/app/scripts/core.js	2014-07-11 12:29:08 +0000
+++ dhis-2/dhis-web/dhis-web-event-reports/src/main/webapp/dhis-web-event-reports/app/scripts/core.js	2014-07-13 08:38:49 +0000
@@ -1906,7 +1906,7 @@
 
                         paramString += '&filter=' + dim.dimension;
 
-                        if (dim.items) {
+                        if (Ext.isArray(dim.items) && dim.items.length) {
                             paramString += ':';
 
                             for (var j = 0; j < dim.items.length; j++) {

=== modified file 'dhis-2/dhis-web/dhis-web-event-visualizer/src/main/webapp/dhis-web-event-visualizer/app/scripts/core.js'
--- dhis-2/dhis-web/dhis-web-event-visualizer/src/main/webapp/dhis-web-event-visualizer/app/scripts/core.js	2014-07-08 14:37:21 +0000
+++ dhis-2/dhis-web/dhis-web-event-visualizer/src/main/webapp/dhis-web-event-visualizer/app/scripts/core.js	2014-07-13 08:38:49 +0000
@@ -1902,7 +1902,7 @@
 
                         paramString += '&filter=' + dim.dimension;
 
-                        if (dim.items) {
+                        if (Ext.isArray(dim.items) && dim.items.length) {
                             paramString += ':';
 
                             for (var j = 0; j < dim.items.length; j++) {
  Thread PreviousDate PreviousThread Next