details: https://code.openbravo.com/erp/devel/pi/rev/ef34142891ad
changeset: 33500:ef34142891ad
user: Javier Armendáriz <javier.armendariz <at> openbravo.com>
date: Wed Feb 21 10:52:41 2018 +0100
summary: Related to issue 37740: Fixed potential issues
- Inserting a null value for both error-code and exception-type could lead to a
crash at startup.
- Error codes are validated
- Fixed formatting
diffstat:
src-wad/src/org/openbravo/wad/Wad.java | 45 +++++++++++++++++++---------
src-wad/src/org/openbravo/wad/Wad_data.xsql | 5 +-
src-wad/src/org/openbravo/wad/webConf.xml | 4 +-
3 files changed, 35 insertions(+), 19 deletions(-)
diffs (131 lines):
diff -r 61c59ba769d5 -r ef34142891ad src-wad/src/org/openbravo/wad/Wad.java
--- a/src-wad/src/org/openbravo/wad/Wad.java Tue Feb 20 13:39:26 2018 +0100
+++ b/src-wad/src/org/openbravo/wad/Wad.java Wed Feb 21 10:52:41 2018 +0100
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2018 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -772,12 +772,14 @@
xmlDocument.setData("structure2", WadData.selectMapping(pool));
String baseDesignFolder = getBaseDesignFolder(contextParams);
- xmlDocument.setData("structureErrorExceptionPage",
- appendErrorPageRoutePrefix(WadData.selectErrorPages(pool,
EXCEPTION_TYPE_PAGES), baseDesignFolder));
+ xmlDocument.setData(
+ "structureErrorExceptionPage",
+ prepareErrorPageData(WadData.selectErrorPages(pool,
EXCEPTION_TYPE_PAGES),
+ baseDesignFolder));
xmlDocument.setData("structureErrorCodePage",
- appendErrorPageRoutePrefix(WadData.selectErrorPages(pool,
ERROR_CODE_PAGES), baseDesignFolder));
+ prepareErrorPageData(WadData.selectErrorPages(pool,
ERROR_CODE_PAGES), baseDesignFolder));
xmlDocument.setData("structureGenericErrorPage",
- appendErrorPageRoutePrefix(WadData.selectGenericErrorPages(pool),
baseDesignFolder));
+ prepareErrorPageData(WadData.selectGenericErrorPages(pool),
baseDesignFolder));
String webXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
xmlDocument.print();
webXml = webXml.replace("${attachPath}", attachPath);
@@ -792,28 +794,41 @@
private String getBaseDesignFolder(WadData[] contextParams) {
String baseDesignPath = findParameterByName("BaseDesignPath",
contextParams);
String defaultDesignPath = findParameterByName("DefaultDesignPath",
contextParams);
-
+
return String.format("/%s/%s", baseDesignPath, defaultDesignPath);
}
-
- private WadData[] appendErrorPageRoutePrefix(WadData[] originalData, String
baseDesignFolder) {
- List<WadData> appendedData = new ArrayList<WadData>();
+
+ private WadData[] prepareErrorPageData(WadData[] originalData, String
baseDesignFolder) {
+ List<WadData> appendedData = new ArrayList<>();
for (WadData data : originalData) {
+ if (!validateErrorCode(data.errortype, data.value)) {
+ log4j.warn("Error page " + data.name + " has invalid error code: " +
data.value);
+ continue;
+ }
if (data.location != null && !data.location.isEmpty()) {
- data.location = String
- .format("%s/%s", baseDesignFolder, data.location);
+ data.location = String.format("%s/%s", baseDesignFolder,
data.location);
appendedData.add(data);
-
log4j.debug("Processed error page " + data.name);
- }
- else {
- log4j.warn("Error page " + data.name +" has no location");
+ } else {
+ log4j.warn("Error page " + data.name + " has no location");
}
}
return appendedData.toArray(new WadData[appendedData.size()]);
}
+ private boolean validateErrorCode(String errorType, String errorCode) {
+ if (ERROR_CODE_PAGES.equals(errorType)) {
+ try {
+ Integer.parseInt(errorCode);
+ } catch (NumberFormatException nfe) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
private String findParameterByName(String name, WadData[] contextParams) {
for (WadData param : contextParams) {
if (param.name.equals(name)) {
diff -r 61c59ba769d5 -r ef34142891ad src-wad/src/org/openbravo/wad/Wad_data.xsql
--- a/src-wad/src/org/openbravo/wad/Wad_data.xsql Tue Feb 20 13:39:26
2018 +0100
+++ b/src-wad/src/org/openbravo/wad/Wad_data.xsql Wed Feb 21 10:52:41
2018 +0100
@@ -244,7 +244,7 @@
<SqlMethodComment>Select the active generic Error pages (with no code or
exception parameters)</SqlMethodComment>
<Sql>
<![CDATA[
- select coalesce(o.name, o.ad_model_object_id) as name, p.value as
location
+ select coalesce(o.name, o.ad_model_object_id) as name, p.value as
location, 'generic' as errortype
from ad_model_object_para p,
ad_model_object o
where o.object_type = 'E'
@@ -266,7 +266,7 @@
<SqlMethodComment>Select the active error pages of the type given (it can
be either exception-type or error code)</SqlMethodComment>
<Sql>
<![CDATA[
- select coalesce(o.name, o.ad_model_object_id) as name, p.value as
errortype,
+ select coalesce(o.name, o.ad_model_object_id) as name, p.value as value,
p.name as errortype,
(select max(value)
from ad_model_object_para lp
where lp.ad_model_object_id = o.ad_model_object_id
@@ -279,6 +279,7 @@
and p.isactive = 'Y'
and p.ad_model_object_id = o.ad_model_object_id
and p.name = ?
+ and p.value is not null
]]>
</Sql>
<Parameter name="errorType"/>
diff -r 61c59ba769d5 -r ef34142891ad src-wad/src/org/openbravo/wad/webConf.xml
--- a/src-wad/src/org/openbravo/wad/webConf.xml Tue Feb 20 13:39:26 2018 +0100
+++ b/src-wad/src/org/openbravo/wad/webConf.xml Wed Feb 21 10:52:41 2018 +0100
@@ -94,13 +94,13 @@
<structure name="structureErrorExceptionPage">
<FIELD id="exceptionPageLocation">location</FIELD>
- <FIELD id="exceptionType">errortype</FIELD>
+ <FIELD id="exceptionType">value</FIELD>
<SECTION id="errorExceptionPage"/>
</structure>
<structure name="structureErrorCodePage">
<FIELD id="errorCodePageLocation">location</FIELD>
- <FIELD id="errorCode">errortype</FIELD>
+ <FIELD id="errorCode">value</FIELD>
<SECTION id="errorCodePage"/>
</structure>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
