dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19466: TrackedEntityAttribute, isValidOptionValue nullpointer vulnerability fix

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Fri, 19 Jun 2015 10:08:30 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 19466
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2015-06-19 12:06:15 +0200
message:
  TrackedEntityAttribute, isValidOptionValue nullpointer vulnerability fix
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java	2015-06-18 01:39:08 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttribute.java	2015-06-19 10:06:15 +0000
@@ -157,9 +157,14 @@
      */
     public Boolean isValidOptionValue( String value )
     {
-        for ( Option option : this.getOptionSet().getOptions() )
-        {
-            if ( option.getCode().equals( value ) )
+        if ( !hasOptionSet() || value == null )
+        {
+            return false;
+        }
+        
+        for ( Option option : getOptionSet().getOptions() )
+        {
+            if ( value.equals( option.getCode() ) )
             {
                 return true;
             }