details: https://code.openbravo.com/erp/devel/pi/rev/5ca65fe55092 changeset: 35709:5ca65fe55092 user: Nono Carballo <nonofce <at> gmail.com> date: Tue Apr 30 12:18:41 2019 +0200 summary: Fixes issue 40524: Escapes values printed to servlet response
Escapes values before printing them to Servlet response.
diffstat:
src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java | 2 +-
src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java | 5 +++--
src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java | 5 +++--
8 files changed, 22 insertions(+), 15 deletions(-)
diffs (215 lines):
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
--- a/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2018 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -33,6 +33,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.codehaus.jettison.json.JSONArray;
 import org.codehaus.jettison.json.JSONException;
@@ -152,7 +153,7 @@
 String strcAcctSchemaId = OBLedgerUtils.getOrgLedger(strOrg);
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strcAcctSchemaId);
+ out.print(StringEscapeUtils.escapeHtml(strcAcctSchemaId));
 out.close();
 } else if (vars.commandIn("CMBORG")) {
 String strAccSchema = vars.getStringParameter("inpcAcctSchemaId");
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -28,6 +28,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openbravo.base.filter.IsIDFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -225,7 +226,7 @@
 String strcAcctSchemaId = OBLedgerUtils.getOrgLedger(strOrg);
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strcAcctSchemaId);
+ out.print(StringEscapeUtils.escapeHtml(strcAcctSchemaId));
 out.close();
 }
 
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java	Thu Apr 25 11:44:14 2019 +0200
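Review bot: `StringEscapeUtils.escapeHtml` on the new `out.print` line is a weak control for this value: `strcAcctSchemaId` comes from `OBLedgerUtils.getOrgLedger(strOrg)` and is written as the entire body of a `text/html` response, so the caller is presumably reading it back as an identifier rather than rendering it, and commons-lang 2's `escapeHtml` leaves `'` unescaped, so it does not cover every markup context the client might put the value into. Since the value is an Openbravo ID, the stronger check is to validate it as one before writing it and fall back to the existing error page otherwise — e.g. `if (!IsIDFilter.instance.accept(strcAcctSchemaId)) { pageError(response); return; }` using the `IsIDFilter` several of these files already import — and to serve a bare identifier as `text/plain` unless the JavaScript consumer, which is not in the diff, depends on the `text/html` type. The same point applies to the `out.print` hunks in ReportGeneralLedger, ReportGeneralLedgerJournal and ReportTrialBalance, and to the `strOrgCurrencyId` prints in the four DimensionalAnalys* files. The enclosing servlet method starts and ends outside the hunk.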
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java	Tue Apr 30 12:18:41 2019 +0200
@@ -475,7 +475,7 @@
 String strcAcctSchemaId = OBLedgerUtils.getOrgLedger(strOrg);
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strcAcctSchemaId);
+ out.print(StringEscapeUtils.escapeHtml(strcAcctSchemaId));
 out.close();
 } else {
 pageError(response);
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2018 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openbravo.base.filter.IsIDFilter;
 import org.openbravo.base.filter.IsPositiveIntFilter;
@@ -310,7 +311,7 @@
 }
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strOrgCurrencyId);
+ out.print(StringEscapeUtils.escapeHtml(strOrgCurrencyId));
 out.close();
 } else {
 pageErrorPopUp(response);
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java	Thu Apr 25 11:44:14 2019 +0200
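Review bot: The ReportGeneralLedgerJournal hunk at `@@ -475,7 +475,7 @@` references `StringEscapeUtils` on its new `out.print` line, but this file section carries no import hunk and the diffstat records a single-line change (`2 +-`), so the file must already import `org.apache.commons.lang.StringEscapeUtils` for the build to succeed; that is worth confirming rather than assuming, given every other file in the changeset needed the import added. The enclosing servlet method starts and ends outside the hunk.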
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openbravo.base.filter.IsIDFilter;
 import org.openbravo.base.filter.IsPositiveIntFilter;
@@ -177,7 +178,7 @@
 }
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strOrgCurrencyId);
+ out.print(StringEscapeUtils.escapeHtml(strOrgCurrencyId));
 out.close();
 } else {
 pageErrorPopUp(response);
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -28,6 +28,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openbravo.base.filter.IsIDFilter;
 import org.openbravo.base.filter.IsPositiveIntFilter;
@@ -196,7 +197,7 @@
 }
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strOrgCurrencyId);
+ out.print(StringEscapeUtils.escapeHtml(strOrgCurrencyId));
 out.close();
 } else {
 pageErrorPopUp(response);
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.openbravo.base.filter.IsIDFilter;
 import org.openbravo.base.filter.IsPositiveIntFilter;
@@ -204,7 +205,7 @@
 }
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strOrgCurrencyId);
+ out.print(StringEscapeUtils.escapeHtml(strOrgCurrencyId));
 out.close();
 } else {
 pageErrorPopUp(response);
diff -r 49fefc70a4c7 -r 5ca65fe55092 src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
--- a/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java	Thu Apr 25 11:44:14 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java	Tue Apr 30 12:18:41 2019 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2018 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -33,6 +33,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.codehaus.jettison.json.JSONArray;
 import org.codehaus.jettison.json.JSONException;
@@ -229,7 +230,7 @@
 String strcAcctSchemaId = OBLedgerUtils.getOrgLedger(strOrg);
 response.setContentType("text/html; charset=UTF-8");
 PrintWriter out = response.getWriter();
- out.print(strcAcctSchemaId);
+ out.print(StringEscapeUtils.escapeHtml(strcAcctSchemaId));
 out.close();
 } else {
 pageError(response);
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits