dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #38131
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19466: TrackedEntityAttribute, isValidOptionValue nullpointer vulnerability fix
------------------------------------------------------------
revno: 19466
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2015-06-19 12:06:15 +0200
message:
TrackedEntityAttribute, isValidOptionValue nullpointer vulnerability fix
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java 2015-06-18 01:39:08 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java 2015-06-19 10:06:15 +0000
@@ -157,9 +157,14 @@
*/
public Boolean isValidOptionValue( String value )
{
- for ( Option option : this.getOptionSet().getOptions() )
- {
- if ( option.getCode().equals( value ) )
+ if ( !hasOptionSet() || value == null )
+ {
+ return false;
+ }
+
+ for ( Option option : getOptionSet().getOptions() )
+ {
+ if ( value.equals( option.getCode() ) )
{
return true;
}