details: https://code.openbravo.com/erp/devel/pi/rev/66c41204bce2 changeset: 35706:66c41204bce2 user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Thu Apr 25 13:50:52 2019 +0200 summary: fixed issue 38950: use bind-parameters in Preferences.java
details: https://code.openbravo.com/erp/devel/pi/rev/cbb150e17b8b changeset: 35707:cbb150e17b8b user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Fri Apr 26 10:23:56 2019 +0200 summary: related to issue 40647: escape formulas when exporting csv - Use tab instead of quoute to escape forumulas as latter is not visible - Escape also other characters that prefix formulas (+,-,@) diffstat: modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java | 5 +- src/org/openbravo/erpCommon/businessUtility/Preferences.java | 17 +++++---- 2 files changed, 13 insertions(+), 9 deletions(-) diffs (84 lines):
diff -r ca3cd4151b46 -r cbb150e17b8b modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
--- a/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java Thu Apr 25 09:54:50 2019 +0200
+++ b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java Fri Apr 26 10:23:56 2019 +0200
@@ -113,6 +113,7 @@
 private static String servletPathPart = "org.openbravo.service.datasource";
 private static Pattern csrfTokenPattern = Pattern
 .compile("\"csrfToken\":\"(?<token>[A-Z0-9]+)\"");
+ private static final String[] CSV_FORMULA_PREFIXES = new String[] { "=", "+", "-", "@" };

 public static String getServletPathPart() {
 return servletPathPart;
@@ -678,9 +679,9 @@
 String outputValue;
 if (keyValue != null && !keyValue.toString().equals("null")) {
 outputValue = keyValue.toString().replace("\"", "\"\"");
- if (outputValue.startsWith("=")) {
+ if (StringUtils.startsWithAny(outputValue, CSV_FORMULA_PREFIXES)) {
 // escape formulas
- outputValue = "'" + outputValue;
+ outputValue = "\t" + outputValue;
 }
 } else {
 outputValue = "";
diff -r ca3cd4151b46 -r cbb150e17b8b src/org/openbravo/erpCommon/businessUtility/Preferences.java
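Review bot: `CSV_FORMULA_PREFIXES` (first hunk) stops at `=`, `+`, `-` and `@`, while OWASP's CSV-injection guidance also lists a leading tab and carriage return as characters to neutralise; consider `new String[] { "=", "+", "-", "@", "\t", "\r" }`. In the second hunk the widened `startsWithAny` test also matches ordinary values such as negative numbers or phone numbers written with a leading `+`, so unless those are formatted on another path (not visible here) they will be exported with a leading tab and may no longer be read as numbers by the consumer. Whether a leading tab is treated as text by every spreadsheet application the export targets cannot be judged from the hunk, so a short comment above the constant recording why tab replaced `'` and which applications were checked would help. The enclosing export method starts and ends outside the hunk.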
--- a/src/org/openbravo/erpCommon/businessUtility/Preferences.java Thu Apr 25 09:54:50 2019 +0200
+++ b/src/org/openbravo/erpCommon/businessUtility/Preferences.java Fri Apr 26 10:23:56 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2010-2018 Openbravo SLU
+ * All portions are Copyright (C) 2010-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -20,6 +20,7 @@
 package org.openbravo.erpCommon.businessUtility;

 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -34,7 +35,6 @@
 import org.openbravo.erpCommon.utility.PropertyConflictException;
 import org.openbravo.erpCommon.utility.PropertyException;
 import org.openbravo.erpCommon.utility.PropertyNotFoundException;
-import org.openbravo.erpCommon.utility.StringCollectionUtils;
 import org.openbravo.erpCommon.utility.Utility;
 import org.openbravo.model.ad.access.Role;
 import org.openbravo.model.ad.access.User;
@@ -430,16 +430,18 @@
 }
 hql.append(" p.visibleAtRole is null) ");

+ List<String> parentOrgs;
 if (org == null) {
- hql.append(" and coalesce(p.visibleAtOrganization, '0')='0'");
+ parentOrgs = Arrays.asList("0");
 } else {
- List<String> parentTree = OBContext.getOBContext()
+ parentOrgs = OBContext.getOBContext()
 .getOrganizationStructureProvider(client)
 .getParentList(org, true);
- String parentOrgs = "(" + StringCollectionUtils.commaSeparated(parentTree) + ")";
- hql.append(" and coalesce(p.visibleAtOrganization, '0') in " + parentOrgs);
 }

+ hql.append(" and coalesce(p.visibleAtOrganization.id, '0') in :parentOrgs");
+ parameters.put("parentOrgs", parentOrgs);
+
 if (user != null) {
 hql.append(" and (p.userContact.id = :userId or ");
 parameters.put("userId", user);
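Review bot: In the `@@ -430` hunk, `parameters.put("parentOrgs", parentOrgs)` places a `List` into the same map as scalar values such as `userId`, and the code that binds `parameters` to the query is outside the hunk; confirm it binds collection values as a parameter list, otherwise `in :parentOrgs` fails at runtime. An empty result from `getParentList(org, true)` would also produce an empty `in` list, which not every database accepts, so a guard or a test for that case would make the assumption explicit. The predicate also changed from `p.visibleAtOrganization` to `p.visibleAtOrganization.id`, which deserves a one-line comment such as `// compare by id so the organization ids can be bound as strings`. The other three hunks in this file (copyright year, imports) need no change; the enclosing method starts and ends outside the hunk.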
@@ -459,7 +461,8 @@
 }

 if (property != null) {
- hql.append(" and p.propertyList = '" + (isListProperty ? "Y" : "N") + "'");
+ hql.append(" and p.propertyList = :isListProperty");
+ parameters.put("isListProperty", isListProperty);
 if (isListProperty) {
 hql.append(" and p.property = :property ");
 } else {
_______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits
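Review bot: `parameters.put("isListProperty", isListProperty)` now binds a Java boolean where the removed line compared `p.propertyList` with the literals `'Y'`/`'N'`, so the query depends on the mapping of `propertyList` converting the boolean to the stored value, and that mapping is not visible here. The old expression was built from a constant rather than from input, so this is a consistency change rather than an injection fix, and a test covering both list and non-list lookups would confirm the results are unchanged. The `if (property != null)` block continues outside the hunk.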