[Branch ~dhis2-devs-core/dhis2/trunk] Rev 20301: Fixed nullpointer vulnerabilities in UserSettingController
------------------------------------------------------------
revno: 20301
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2015-09-23 09:46:33 +0200
message:
Fixed nullpointer vulnerabilities in UserSettingController
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserSettingService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/UserSettingController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserSettingService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserSettingService.java 2015-06-16 05:11:29 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserSettingService.java 2015-09-23 07:46:33 +0000
@@ -205,7 +205,8 @@
public Serializable getUserSetting( String name )
{
User currentUser = currentUserService.getCurrentUser();
- return getUserSetting(name, currentUser);
+
+ return getUserSetting( name, currentUser );
}
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/UserSettingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/UserSettingController.java 2015-09-14 17:39:27 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/UserSettingController.java 2015-09-23 07:46:33 +0000
@@ -48,6 +48,8 @@
import java.io.Serializable;
import java.util.Locale;
+import static org.hisp.dhis.user.UserSettingService.*;
+
/**
* @author Lars Helge Overland
*/
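Review bot: The wildcard `import static org.hisp.dhis.user.UserSettingService.*;` pulls every constant of the interface into this controller's namespace, which hides where `KEY_UI_LOCALE` and `KEY_DB_LOCALE` come from and allows silent name clashes later. The visible hunks use only those two, so explicit imports would be clearer: `import static org.hisp.dhis.user.UserSettingService.KEY_UI_LOCALE;` and `import static org.hisp.dhis.user.UserSettingService.KEY_DB_LOCALE;`. Other constants may be used in parts of the file not shown here.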
@@ -95,19 +97,19 @@
}
@RequestMapping( value = "/{key}", method = RequestMethod.GET )
- public void getSystemSetting( @PathVariable( "key" ) String key,
+ public void getUserSetting( @PathVariable( "key" ) String key,
@RequestParam( value = "user", required = false ) String username,
HttpServletRequest request, HttpServletResponse response ) throws IOException, WebMessageException
{
- String value;
+ Serializable value;
if ( username == null )
{
- value = getStringValue( key, userSettingService.getUserSetting( key ) );
+ value = userSettingService.getUserSetting( key );
}
else
{
- value = getStringValue( key, userSettingService.getUserSetting( key, username ) );
+ value = userSettingService.getUserSetting( key, username );
}
if ( value == null )
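Review bot: The optional `user` request parameter in `getUserSetting` is passed straight to `userSettingService.getUserSetting( key, username )`, and nothing in this hunk checks that the caller may read another account's settings. If the service does not enforce that itself (not visible here), any authenticated caller could read another user's setting by naming them. Confirm where the authorization is enforced, and either add an explicit authority check before the call in the `else` branch or document on the method where it happens. The method body continues past this hunk.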
@@ -115,7 +117,9 @@
throw new WebMessageException( WebMessageUtils.notFound( "User setting not found." ) );
}
- String contentType;
+ String stringVal = getStringValue( key, value );
+
+ String contentType = null;
if ( request.getHeader( "Accept" ) == null || "*/*".equals( request.getHeader( "Accept" ) ) )
{
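Review bot: `String contentType = null;` turns off the compiler's definite-assignment check, so a branch that forgets to assign it would reach `response.setContentType( contentType )` with null instead of failing to compile. Unless a path in the lines not shown really needs the null, keep the declaration as `String contentType;`. The branches that assign the variable lie outside this hunk.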
@@ -127,7 +131,7 @@
}
response.setContentType( contentType );
- response.getWriter().println( value );
+ response.getWriter().println( stringVal );
}
@RequestMapping( value = "/{key}", method = RequestMethod.DELETE )
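Review bot: `response.getWriter().println( stringVal )` writes the stored setting verbatim, under whatever `contentType` was derived from the `Accept` header in lines outside this hunk. If a client-supplied Accept value can reach `setContentType` unfiltered, a setting value containing markup could be served as HTML. Confirm that the content type is restricted to a fixed set such as plain text or JSON, or encode the value for the selected type. A short comment above the `println` naming the possible content types would make this easy to verify.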
@@ -138,7 +142,7 @@
private Serializable valueToSet( String key, String value )
{
- if ( key.equals( UserSettingService.KEY_UI_LOCALE ) || key.equals( UserSettingService.KEY_DB_LOCALE ) )
+ if ( KEY_UI_LOCALE.equals( key ) || KEY_DB_LOCALE.equals( key ) )
{
return LocaleUtils.getLocale( value );
}
@@ -150,7 +154,7 @@
private String getStringValue( String key, Serializable value )
{
- if ( key.equals( UserSettingService.KEY_UI_LOCALE ) || key.equals( UserSettingService.KEY_DB_LOCALE ) )
+ if ( KEY_UI_LOCALE.equals( key ) || KEY_DB_LOCALE.equals( key ) )
{
return ((Locale) value).getLanguage();
}
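Review bot: The reordered `KEY_UI_LOCALE.equals( key )` makes the key comparison null-safe, but `((Locale) value).getLanguage()` still casts unconditionally. A locale setting stored as anything other than a `Locale` would throw `ClassCastException` and surface as a server error. A guard such as `if ( value instanceof Locale ) { return ((Locale) value).getLanguage(); }`, falling through to the generic conversion otherwise, would close that path. `getLanguage()` also returns only the language code, so a locale with a country part may not round-trip through `valueToSet`; a one-line comment saying whether that is intended would help. The rest of `getStringValue` is outside this hunk.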