dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 22054: TEI import. Fixed IndexOutOfBoundsException vulnerability.

 

------------------------------------------------------------
revno: 22054
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2016-02-26 13:25:04 -0500
message:
  TEI import. Fixed IndexOutOfBoundsException vulnerability.
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java	2016-02-26 01:34:51 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java	2016-02-26 18:25:04 +0000
@@ -48,6 +48,8 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.commons.lang3.StringUtils;
+
 /**
  * @author Abyot Asalefew
  */
@@ -273,11 +275,11 @@
         Assert.notNull( trackedEntityAttribute, "trackedEntityAttribute is required." );
         ValueType valueType = trackedEntityAttribute.getValueType();
 
-        String errorValue = value.substring( 0, 30 );
+        String errorValue = StringUtils.substring( value, 0, 30 );
 
         if ( value.length() > 255 )
         {
-            return "Value length is greater than 256 chars for attribute " + trackedEntityAttribute.getUid();
+            return "Value length is greater than 255 chars for attribute " + trackedEntityAttribute.getUid();
         }
 
         if ( ValueType.NUMBER == valueType && !MathUtils.isNumeric( value ) )
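Review bot: the `value.length() > 255` check directly below the new `StringUtils.substring( value, 0, 30 )` line still dereferences `value`, and the only null assertion visible in this hunk is on `trackedEntityAttribute`. `StringUtils.substring` clamps the end index for strings shorter than 30 characters, which addresses the IndexOutOfBoundsException, and it returns null for a null input instead of throwing. A null `value` would therefore now fail one statement later with a NullPointerException. If null can reach this method, add an `Assert.notNull( value, ... )` next to the existing assertion or return a validation message before the length check. A unit test covering an empty value and a value shorter than 30 characters would pin the fix.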