details: https://code.openbravo.com/erp/devel/pi/rev/1fddb0a46a5b changeset: 35994:1fddb0a46a5b user: Nono Carballo <nonofce <at> gmail.com> date: Thu May 09 14:52:16 2019 -0400 summary: Fixes issue 40646: Escapes properly HTML characters.
Instead of escape HTML characters manually, a function to do so is used. diffstat: src/org/openbravo/erpCommon/info/Account.java | 19 ++-------- src/org/openbravo/erpCommon/info/AccountElementValue.java | 19 ++-------- src/org/openbravo/erpCommon/info/BusinessPartner.java | 19 ++-------- src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java | 19 ++-------- src/org/openbravo/erpCommon/info/DebtPayment.java | 19 ++-------- src/org/openbravo/erpCommon/info/DocTypeMultiple.java | 19 ++-------- src/org/openbravo/erpCommon/info/Invoice.java | 19 ++-------- src/org/openbravo/erpCommon/info/InvoiceLine.java | 19 ++-------- src/org/openbravo/erpCommon/info/Locator.java | 19 ++-------- src/org/openbravo/erpCommon/info/LocatorMultiple.java | 19 ++-------- src/org/openbravo/erpCommon/info/Product.java | 19 ++-------- src/org/openbravo/erpCommon/info/ProductComplete.java | 19 ++-------- src/org/openbravo/erpCommon/info/ProductMultiple.java | 19 ++-------- src/org/openbravo/erpCommon/info/Project.java | 19 ++-------- src/org/openbravo/erpCommon/info/ProjectMultiple.java | 19 ++-------- src/org/openbravo/erpCommon/info/SalesOrder.java | 19 ++-------- src/org/openbravo/erpCommon/info/SalesOrderLine.java | 19 ++-------- src/org/openbravo/erpCommon/info/ShipmentReceipt.java | 19 ++-------- src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java | 19 ++-------- 19 files changed, 76 insertions(+), 285 deletions(-) diffs (truncated from 893 to 300 lines):
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/Account.java
--- a/src/org/openbravo/erpCommon/info/Account.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/Account.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2016 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -471,24 +472,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/AccountElementValue.java
--- a/src/org/openbravo/erpCommon/info/AccountElementValue.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/AccountElementValue.java Thu May 09 14:52:16 2019 -0400
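Review bot: In the `@@ -471,24 +472,12 @@` hunk the new `escapeHtml` call also covers the `adReferenceId` "32" case, where the value is appended directly after `/images/` and so appears to be used as an image path; HTML entity escaping is the wrong encoding for that context and does not restrict what the path can contain, so that branch should validate or URL-encode the name separately. commons-lang's `StringEscapeUtils.escapeHtml` also leaves `'` untouched, so the cell is only safe if the client puts it in element content or a double-quoted attribute, which is worth stating in a comment next to the call. In the else branch, `strRowsData.append(StringEscapeUtils.escapeHtml(" "));` escapes a constant and can stay `strRowsData.append(" ");`; if the literal in the file is really an entity that this page shows as a blank, the new call would double-escape it. The same lines recur in the matching hunks of the other info servlets in this changeset (AccountElementValue, BusinessPartner, BusinessPartnerMultiple, DebtPayment, DocTypeMultiple and the files cut off by the truncation), so one shared helper would keep the encoding decision in one place. The enclosing method begins and ends outside the hunk.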
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2009-2016 Openbravo SLU
+ * All portions are Copyright (C) 2009-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -408,24 +409,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/BusinessPartner.java
--- a/src/org/openbravo/erpCommon/info/BusinessPartner.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/BusinessPartner.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2010 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -29,6 +29,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -445,24 +446,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java
--- a/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2012 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -29,6 +29,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -367,24 +368,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/DebtPayment.java
--- a/src/org/openbravo/erpCommon/info/DebtPayment.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/DebtPayment.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2011 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -352,24 +353,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/DocTypeMultiple.java
--- a/src/org/openbravo/erpCommon/info/DocTypeMultiple.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/DocTypeMultiple.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2014 Openbravo SLU
+ * All portions are Copyright (C) 2014-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -27,6 +27,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
 import org.openbravo.base.filter.ValueListFilter;
 import org.openbravo.base.secureApp.HttpSecureAppServlet;
@@ -290,24 +291,12 @@
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/");
 }
- strRowsData.append(data[j].getField(columnname)
- .replaceAll("<b>", "")
- .replaceAll("<B>", "")
- .replaceAll("</b>", "")
- .replaceAll("</B>", "")
- .replaceAll("<i>", "")
- .replaceAll("<I>", "")
- .replaceAll("</i>", "")
- .replaceAll("</I>", "")
- .replaceAll("<p>", " ")
- .replaceAll("<P>", " ")
- .replaceAll("<br>", " ")
- .replaceAll("<BR>", " "));
+ strRowsData.append(StringEscapeUtils.escapeHtml(data[j].getField(columnname)));
 } else {
 if (headers[k].getField("adReferenceId").equals("32")) {
 strRowsData.append(strReplaceWith).append("/images/blank.gif");
 } else {
- strRowsData.append(" ");
+ strRowsData.append(StringEscapeUtils.escapeHtml(" "));
 }
 }
 strRowsData.append("]]></td>\n");
diff -r 98b6ff97783d -r 1fddb0a46a5b src/org/openbravo/erpCommon/info/Invoice.java
--- a/src/org/openbravo/erpCommon/info/Invoice.java Tue Jun 04 10:03:45 2019 +0000
+++ b/src/org/openbravo/erpCommon/info/Invoice.java Thu May 09 14:52:16 2019 -0400
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2016 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -29,6 +29,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.openbravo.base.filter.RequestFilter;
_______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits