------------------------------------------------------------ revno: 9240 committer: Morten Olav Hansen <[email protected]> branch nick: dhis2 timestamp: Sun 2012-12-09 16:36:18 +0300 message: FRED-API: Fixes issues with escaping. Also better handling of coordinates string. modified: dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/GeoUtils.java dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ObjectMapperFactoryBean.java dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToFacilityConverter.java dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToOrganisationUnitConverter.java dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm
=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2012-12-08 16:07:13 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2012-12-09 13:36:18 +0000 @@ -27,6 +27,7 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.apache.commons.lang3.StringEscapeUtils; import org.hisp.dhis.common.DeleteNotAllowedException; import org.hisp.dhis.common.comparator.IdentifiableObjectNameComparator; import org.hisp.dhis.hierarchy.HierarchyViolationException; @@ -59,18 +60,18 @@ /** * @author Morten Olav Hansen <[email protected]> */ -@Controller( value = "facility-controller-" + FredController.PREFIX ) -@RequestMapping( FacilityController.RESOURCE_PATH ) +@Controller(value = "facility-controller-" + FredController.PREFIX) +@RequestMapping(FacilityController.RESOURCE_PATH) public class FacilityController { public static final String RESOURCE_PATH = "/" + FredController.PREFIX + "/facilities"; @Autowired - @Qualifier( "org.hisp.dhis.organisationunit.OrganisationUnitService" ) + @Qualifier("org.hisp.dhis.organisationunit.OrganisationUnitService") private OrganisationUnitService organisationUnitService; @Autowired - @Qualifier( "conversionService" ) + @Qualifier("conversionService") private ConversionService conversionService; @Autowired @@ -80,7 +81,7 @@ // GET HTML //-------------------------------------------------------------------------- - @RequestMapping( value = "", method = RequestMethod.GET ) + @RequestMapping(value = "", method = RequestMethod.GET) public String readFacilities( Model model ) { Facilities facilities = new Facilities(); 
@@ -95,6 +96,7 @@ facilities.getFacilities().add( facility ); } + model.addAttribute( "esc", StringEscapeUtils.class ); model.addAttribute( "entity", facilities ); model.addAttribute( "baseUrl", linkTo( FredController.class ).toString() ); model.addAttribute( "pageName", "facilities" ); @@ -103,13 +105,14 @@ return FredController.PREFIX + "/layout"; } - @RequestMapping( value = "/{id}", method = RequestMethod.GET ) + @RequestMapping(value = "/{id}", method = RequestMethod.GET) public String readFacility( Model model, @PathVariable String id ) { OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id ); Facility facility = conversionService.convert( organisationUnit, Facility.class ); + model.addAttribute( "esc", StringEscapeUtils.class ); model.addAttribute( "entity", facility ); model.addAttribute( "baseUrl", linkTo( FredController.class ).toString() ); model.addAttribute( "pageName", "facility" ); @@ -122,7 +125,7 @@ // POST JSON //-------------------------------------------------------------------------- - @RequestMapping( value = "", method = RequestMethod.POST ) + @RequestMapping(value = "", method = RequestMethod.POST) public ResponseEntity<String> createFacility( @RequestBody Facility facility ) throws IOException { OrganisationUnit organisationUnit = conversionService.convert( facility, OrganisationUnit.class ); @@ -149,7 +152,7 @@ // PUT JSON //-------------------------------------------------------------------------- - @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE ) + @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity<String> updateFacility( @PathVariable String id, @RequestBody Facility facility ) throws IOException { facility.setId( id ); 
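Review bot: The `model.addAttribute( "esc", StringEscapeUtils.class );` line is added in readFacilities here and repeated in the readFacility hunk below, so every future HTML handler in this controller has to remember it or its template's `$esc.escapeHtml4(...)` calls will not resolve. A single `@ModelAttribute( "esc" ) public Class<?> escapeUtils() { return StringEscapeUtils.class; }` method on the controller would supply it to every view in one place. Separately, readFacility passes the result of `getOrganisationUnit( id )` straight to the conversion service; if that service returns null for an unknown id the conversion presumably fails rather than producing a 404, so a null check with an explicit not-found response would be cleaner. readFacility's body continues outside the hunk.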
@@ -187,7 +190,7 @@ // DELETE JSON //-------------------------------------------------------------------------- - @RequestMapping( value = "/{id}", method = RequestMethod.DELETE ) + @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) public ResponseEntity<Void> deleteFacility( @PathVariable String id ) throws HierarchyViolationException { OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id ); @@ -206,7 +209,7 @@ // EXCEPTION HANDLERS //-------------------------------------------------------------------------- - @ExceptionHandler( { DeleteNotAllowedException.class, HierarchyViolationException.class } ) + @ExceptionHandler({ DeleteNotAllowedException.class, HierarchyViolationException.class }) public ResponseEntity<String> exceptionHandler( Exception ex ) { return new ResponseEntity<String>( ex.getMessage(), HttpStatus.FORBIDDEN ); === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/GeoUtils.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/GeoUtils.java 2012-12-08 20:35:51 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/GeoUtils.java 2012-12-09 13:36:18 +0000 @@ -27,8 +27,11 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.codehaus.jackson.JsonParseException; +import org.codehaus.jackson.map.JsonMappingException; import org.codehaus.jackson.map.ObjectMapper; +import java.io.IOException; import java.util.List; /** @@ -44,9 +47,9 @@ public static class Coordinates { - public Double lat = 0.0d; + public Double lat; - public Double lng = 0.0d; + public Double lng; @Override public String toString() 
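Review bot: Dropping the `0.0d` initialisers makes `lat` and `lng` nullable, but nothing on the Coordinates class records that, and both converters in this commit use the fields directly (ToFacilityConverter appends them to a list, ToOrganisationUnitConverter formats them with `%f`). A field comment would make the new contract explicit, e.g. `/** null until parseCoordinates fills it in; stays null when parsing fails. */` on each of the two fields. Whether these public mutable fields should become accessors is a wider question than this hunk, but the nullability at least deserves to be written down where the fields are declared.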
@@ -83,14 +86,20 @@ coordinates.lng = convertToDouble( list.get( 0 ) ); } } - catch ( Exception ignored ) + catch ( JsonMappingException ignored ) + { + } + catch ( JsonParseException ignored ) + { + } + catch ( IOException ignored ) { } return coordinates; } - private static Double convertToDouble( Object object ) + private static Double convertToDouble( Object object ) throws NumberFormatException { Double d = 0.0d; @@ -103,6 +112,10 @@ Integer lng = (Integer) object; d = Double.valueOf( lng ); } + else + { + throw new NumberFormatException(); + } return d; } === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ObjectMapperFactoryBean.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ObjectMapperFactoryBean.java 2012-12-06 20:06:23 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ObjectMapperFactoryBean.java 2012-12-09 13:36:18 +0000 @@ -27,6 +27,7 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.codehaus.jackson.JsonGenerator; import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.map.SerializationConfig; import org.codehaus.jackson.map.annotate.JsonSerialize; @@ -43,7 +44,8 @@ public ObjectMapper getObject() throws Exception { ObjectMapper objectMapper = new ObjectMapper(); - objectMapper.getSerializationConfig().disable( SerializationConfig.Feature.WRITE_DATES_AS_TIMESTAMPS ); + objectMapper.configure( JsonGenerator.Feature.ESCAPE_NON_ASCII, true ); + objectMapper.configure( SerializationConfig.Feature.WRITE_DATES_AS_TIMESTAMPS, false ); objectMapper.setSerializationInclusion( JsonSerialize.Inclusion.NON_EMPTY ); return objectMapper; 
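Review bot: The three empty catch blocks leave parseCoordinates with two different failure signals: a Jackson or I/O error returns a Coordinates whose `lat`/`lng` are still null (they no longer default to 0.0 in this commit), while an unexpected element type throws NumberFormatException from convertToDouble. Both callers changed in this commit catch only NumberFormatException, so the null case slips through to them. Since JsonParseException and JsonMappingException both extend IOException, a single catch suffices, and rethrowing it as NumberFormatException with the cause attached gives callers one failure path. parseCoordinates' signature and the start of its try block are above the hunk.
```java
// … unchanged: try body that fills coordinates.lat / coordinates.lng …
catch ( IOException e )
{
    // JsonParseException and JsonMappingException both extend IOException, so one catch covers all three
    NumberFormatException nfe = new NumberFormatException( "Could not parse coordinates: " + e.getMessage() );
    nfe.initCause( e );
    throw nfe;
}
```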
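Review bot: `throw new NumberFormatException();` in the new else branch of convertToDouble carries no message, so a caller that logs it learns nothing about which value was rejected or what type it had. Including the value costs nothing and it is the caller's own input: `throw new NumberFormatException( "Unsupported coordinate value: " + object );`. The `throws NumberFormatException` clause added to the signature in the previous hunk is redundant for an unchecked exception but does act as documentation; a `@throws NumberFormatException if the element is neither a Double nor an Integer` Javadoc line would say the same thing in the conventional place, assuming the visible branches are the only two accepted types.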
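Review bot: `JsonGenerator.Feature.ESCAPE_NON_ASCII` only \u-escapes code points of 128 and above; it leaves `<`, `>`, `&` and `/` untouched, so it is not a safeguard for JSON that ends up inline in an HTML page, and the templates' `$esc` calls remain the control for that. Since the commit message only says "fixes issues with escaping", a one-line comment next to the new configure call would record the intent for the next reader: `// \u-escape non-ASCII so the JSON is 7-bit clean; this is not an HTML/JS embedding safeguard`. getObject's closing brace is outside the hunk.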
@@ -61,4 +63,3 @@ return true; } } - === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToFacilityConverter.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToFacilityConverter.java 2012-12-09 12:27:00 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToFacilityConverter.java 2012-12-09 13:36:18 +0000 @@ -61,10 +61,16 @@ if ( organisationUnit.getFeatureType() != null && organisationUnit.getFeatureType().equalsIgnoreCase( "POINT" ) && organisationUnit.getCoordinates() != null ) { - GeoUtils.Coordinates coordinates = GeoUtils.parseCoordinates( organisationUnit.getCoordinates() ); + try + { + GeoUtils.Coordinates coordinates = GeoUtils.parseCoordinates( organisationUnit.getCoordinates() ); - facility.getCoordinates().add( coordinates.lng ); - facility.getCoordinates().add( coordinates.lat ); + facility.getCoordinates().add( coordinates.lng ); + facility.getCoordinates().add( coordinates.lat ); + } + catch ( NumberFormatException ignored ) + { + } } if ( organisationUnit.getParent() != null ) === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToOrganisationUnitConverter.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToOrganisationUnitConverter.java 2012-12-09 12:27:00 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/utils/ToOrganisationUnitConverter.java 2012-12-09 13:36:18 +0000 
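Review bot: The new try block in ToFacilityConverter guards only against NumberFormatException, but when `GeoUtils.parseCoordinates` swallows a Jackson or I/O error it returns a Coordinates whose `lng`/`lat` are null (the fields no longer default to 0.0 in this commit), and those nulls are appended to `facility.getCoordinates()` and would serialise as `[null, null]`. Wrapping the two `add` calls in `if ( coordinates.lng != null && coordinates.lat != null )` keeps the facility's coordinate list either complete or empty. The empty catch should also say why it is deliberate, e.g. `// unparsable coordinates are omitted from the facility rather than failing the conversion`. The enclosing convert method begins and ends outside the hunk.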
@@ -86,9 +86,15 @@ organisationUnit.setFeatureType( OrganisationUnit.FEATURETYPE_POINT ); - GeoUtils.Coordinates coordinates = GeoUtils.parseCoordinates( facility.getCoordinates().toString() ); - - organisationUnit.setCoordinates( String.format( "[%f, %f]", coordinates.lng, coordinates.lat ) ); + try + { + GeoUtils.Coordinates coordinates = GeoUtils.parseCoordinates( facility.getCoordinates().toString() ); + organisationUnit.setCoordinates( String.format( "[%f, %f]", coordinates.lng, coordinates.lat ) ); + } + catch ( NumberFormatException err ) + { + organisationUnit.setCoordinates( "" ); + } return organisationUnit; } === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm 2012-12-09 12:27:00 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm 2012-12-09 13:36:18 +0000 @@ -8,7 +8,7 @@ #foreach( $facility in $entity.facilities ) { id: "$facility.id", - name: "$facility.name", + name: "$esc.escapeEcmaScript($facility.name)", coordinates: "$facility.coordinates" }, #end @@ -168,7 +168,7 @@ <tbody> #foreach( $facility in $entity.facilities ) <tr data-facility-id='$facility.id'> - <td class='facility-name'><a href='$facility.url'>$facility.name</a></td> + <td class='facility-name'><a href='$facility.url'>$esc.escapeHtml4($facility.name)</a></td> <td class='facility-actions' style='width: 1px;'> <div class='btn-group'> === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm 2012-12-09 12:27:00 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm 2012-12-09 13:36:18 +0000 
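Review bot: The try block only handles NumberFormatException, yet `GeoUtils.parseCoordinates` returns a Coordinates with null `lng`/`lat` when it swallows a Jackson or I/O error, and `String.format( "[%f, %f]", null, null )` then stores the literal string `[null, null]` as the organisation unit's coordinates. The same format call also follows the JVM default locale, so on a server whose locale uses a decimal comma it would store `[12,500000, 3,400000]`; passing an explicit locale avoids that. Both fixes fit in the try block as sketched below; `Locale` needs an `import java.util.Locale;` in the file's import block, which is outside the hunk, and the enclosing convert method begins outside it too.
```java
try
{
    GeoUtils.Coordinates coordinates = GeoUtils.parseCoordinates( facility.getCoordinates().toString() );

    if ( coordinates.lng == null || coordinates.lat == null )
    {
        organisationUnit.setCoordinates( "" );
    }
    else
    {
        // explicit locale: "%f" follows the JVM default locale and may emit a decimal comma
        organisationUnit.setCoordinates( String.format( Locale.ENGLISH, "[%f, %f]", coordinates.lng, coordinates.lat ) );
    }
}
// … unchanged: catch ( NumberFormatException err ) …
```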
@@ -2,6 +2,12 @@ <script> function updateMap(coordinates) { + if(!coordinates[0] || !coordinates[1]) + { + noCoordinatesProvided(); + return; + } + var latlng = new google.maps.LatLng(coordinates[1], coordinates[0]); var options = { @@ -15,10 +21,15 @@ var marker = new google.maps.Marker({ position: latlng, map: map, - title: '$entity.name' + title: '$esc.escapeEcmaScript($entity.name)' }); } + function noCoordinatesProvided() { + $( '#mapTarget' ).html( '<div style="text-align: center;">No coordinates provided.</div>' ) + .parent().addClass( 'hidden-phone' ); + } + $(function () { var coordinates = JSON.parse("$entity.coordinates"); @@ -28,8 +39,7 @@ updateMap(coordinates); } else { - $('#mapTarget').html('<div style="text-align: center;">No coordinates provided.</div>') - .parent().addClass('hidden-phone'); + noCoordinatesProvided(); } $('#facilityForm').submit(function (e) { @@ -49,6 +59,8 @@ data.coordinates = [ lng, lat ]; + console.log(data.coordinates); + $.ajax({ url: '$baseUrl/facilities/${entity.id}', contentType: 'application/json; charset=UTF-8', @@ -56,11 +68,10 @@ data: JSON.stringify(data), dataType: 'json' }).success(function (data) { - console.log("save success!", data); updateMap([lng, lat]); + $('#facilitySubmit').removeAttr('disabled').text('Save'); }).error(function (data) { - console.log("could not update!", data); $('#facilitySubmit').removeAttr('disabled').text('Save'); }); }); @@ -85,7 +96,7 @@ <input id="facilityID" disabled="disabled" type="text" class="$inputSize" value="$entity.id"/> <label for="facilityName">Name</label> - <input #if(!$canEdit)disabled#end id="facilityName" type="text" class="$inputSize" value="$entity.name"/> + <input #if(!$canEdit)disabled#end id="facilityName" type="text" class="$inputSize" value="$esc.escapeHtml4($entity.name)"/> <label for="facilityActive">Active</label>
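Review bot: `if(!coordinates[0] || !coordinates[1])` at the top of updateMap treats a coordinate of 0 as missing, so a facility on the equator or the prime meridian would render "No coordinates provided." instead of a marker. Comparing against null catches both an empty array (undefined element) and a `[null, null]` payload, should the server ever emit one, without rejecting zero: `if (coordinates[0] == null || coordinates[1] == null)`. Calling noCoordinatesProvided before its declaration is fine because function declarations are hoisted. updateMap's closing brace is outside the hunk.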
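Review bot: `console.log(data.coordinates);` is new debugging output left in the form submit handler, in the same commit whose next hunk removes the two other console.log calls from the success and error callbacks; it should go as well. The submit handler begins and ends outside the hunk.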

