dhis2-users team mailing list archive

Thread
Date

Re: Web API 'criteria' fails to recognize parameters with special characters

To: Lars Helge Øverland <larshelge@xxxxxxxxx>
From: Sam Kasozi <kasozis@xxxxxxxxx>
Date: Sun, 2 Nov 2014 18:18:17 +0300
Cc: "dhis2-users@xxxxxxxxxxxxxxxxxxx" <dhis2-users@xxxxxxxxxxxxxxxxxxx>, Dhis2-users <dhis2-users-bounces+stephocay=gmail.com@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAD_DPKzb4r_je3WwOTGysGoyp3seU=W5Rs0QhYsgR7Sw3j++EQ@mail.gmail.com>

That makes sense then.

Thanks

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752
kasozis@xxxxxxxxx | skasozi@xxxxxxxxxxx <kasozis@xxxxxxxxx> | Skype:
sam.kasoziug

On Sun, Nov 2, 2014 at 6:13 PM, Lars Helge Øverland <larshelge@xxxxxxxxx>
wrote:

> Hey Sam,
>
> this is not documented, but we only accept a-z 0-9 / alphanumerical
> characters + space for criteria filters and values. This is a security
> measure to avoid SQL injection and other spooky stuff (think about someone
> passing a drop table sql statement as a value). I think we can improve this
> by coming up with a character white-list including dash. Input appreciated.
>
> Lars
>
>
> On Sun, Nov 2, 2014 at 10:03 AM, Sam Kasozi <kasozis@xxxxxxxxx> wrote:
>
>> Hi Stephen,
>>
>> That might help in some scenarios, however in this case, a dash is one of
>> the acceptable characters in a URL. Trying to encode it with '%2D' converts
>> it back to a dash before being sent to the API.
>>
>> Sam Kasozi
>> Information Systems Consultant
>> HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
>> +256 788 993565 | +256 757 662752
>> kasozis@xxxxxxxxx | skasozi@xxxxxxxxxxx <kasozis@xxxxxxxxx> | Skype:
>> sam.kasoziug
>>
>> On Sun, Nov 2, 2014 at 5:29 PM, <stephocay@xxxxxxxxx> wrote:
>>
>>> Sam, may be try encoding the URL ...
>>>
>>> Try reading about urlencode ... For an appropriate language
>>>
>>> Which language are you using?
>>> Sent from my BlackBerry® smartphone provided by Airtel Uganda.
>>>
>>> -----Original Message-----
>>> From: Sam Kasozi <kasozis@xxxxxxxxx>
>>> Sender: "Dhis2-users"
>>>  <dhis2-users-bounces+stephocay=gmail.com@xxxxxxxxxxxxxxxxxxx>Date:
>>> Sun, 2 Nov 2014 17:14:58
>>> To: dhis2-users@xxxxxxxxxxxxxxxxxxx<dhis2-users@xxxxxxxxxxxxxxxxxxx>
>>> Subject: [Dhis2-users] Web API 'criteria' fails to recognize parameters
>>> with
>>>         special characters
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-users
>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-users
>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-users
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>

References

Web API 'criteria' fails to recognize parameters with special characters
From: Sam Kasozi, 2014-11-02
Re: Web API 'criteria' fails to recognize parameters with special characters
From: stephocay, 2014-11-02
Re: Web API 'criteria' fails to recognize parameters with special characters
From: Sam Kasozi, 2014-11-02
Re: Web API 'criteria' fails to recognize parameters with special characters
From: Lars Helge Øverland, 2014-11-02