[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Changed in: dhis2 Status: Triaged = Fix Committed -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Fix Committed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Changed in: dhis2 Status: Confirmed = Fix Committed -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Fix Committed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Changed in: dhis2 Status: Fix Committed = Triaged -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Triaged Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Changed in: dhis2 Assignee: Lars Helge Øverland (larshelge) = Thu Tran (tran-hispvietnam) -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Confirmed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
2009/12/23 Lars Helge Øverland larshe...@gmail.com On Wed, Dec 23, 2009 at 4:01 AM, Hieu Dang Duy hieu.hispviet...@gmail.com wrote: Dear Saptarshi, I'm not good at about security, I also knew that using javascript it's really not safe in web application. By the way, I have a small idea about this issue that. Not surely, have any configuration/setting about date in DHIS2 program ? Unless, I think we can make a new setting for this one. I meant we should make a pattern setting for date format, ie. -mm-dd for DataEntry module. Or can be expanding to use for our whole system. In that case, we can easily use any kind of validations with that pattern setting in either client-side (javascript) or server-side (java). Thanks for your suggestion ! Hi, I would say that we should stick with -mm-dd for input for now, to me the added complexity of configurable date input formats justifies the benefit... Re validation, we do have server side validation for meta data like data elements, indicators, data set etc. A problem is that we have separate action classes for validation and adding/updating (this was done with separation-of-concerns in mind). This poses a threat since a malicious user could bypass this by turning off javascript in the browser or sending direct GET-requests. Btw I wouldn't say avoiding javascript validation is the answer, rather having both where its possible. Agreed it is not an either/or thing. Validation at the browser and validation at the server actually serve two different purposes. Client side validation is really a convenience to the user to prevent having to enter data only to find that the data is later rejected after the http post/get. Catching the validation problem early allows for a slicker and more friendly user interface. But because it can be easily bypassed it is not a mechanism for protecting the integrity of data to be persisted and should not be used with that in mind. That is the purpose of server side validation. But of course we all know that Sorry I haven't looked much at the validation action classes so I can't really comment much. But shouldn't the validation be a function of the model layer (as low down as it can be pushed) and be un-bypassable?. This way it also applies to data input from other sources than the web ui. Bob Lars ___ Mailing list: https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
Well, usually this would be the case, that there would be validation at the database level, but given the database agnostic nature of DHIS, I have no idea how or if this can be done. I would think that the period -MM-YY value should actually be stored as a real date type. Currently, I think it is only text. The same can be said for the datavalue table, which stores values as text, instead of having a datavalue table with multiple columns (one for integers, reals, booleans, text and so forth, similar to DHIS 1.4) , each with real db data types. Of course, placing other constraints at the db level is also possible, but have no idea how to do this with hibernate. 2009/12/23 Bob Jolliffe bobjolli...@gmail.com 2009/12/23 Lars Helge Øverland larshe...@gmail.com On Wed, Dec 23, 2009 at 4:01 AM, Hieu Dang Duy hieu.hispviet...@gmail.com wrote: Dear Saptarshi, I'm not good at about security, I also knew that using javascript it's really not safe in web application. By the way, I have a small idea about this issue that. Not surely, have any configuration/setting about date in DHIS2 program ? Unless, I think we can make a new setting for this one. I meant we should make a pattern setting for date format, ie. -mm-dd for DataEntry module. Or can be expanding to use for our whole system. In that case, we can easily use any kind of validations with that pattern setting in either client-side (javascript) or server-side (java). Thanks for your suggestion ! Hi, I would say that we should stick with -mm-dd for input for now, to me the added complexity of configurable date input formats justifies the benefit... Re validation, we do have server side validation for meta data like data elements, indicators, data set etc. A problem is that we have separate action classes for validation and adding/updating (this was done with separation-of-concerns in mind). This poses a threat since a malicious user could bypass this by turning off javascript in the browser or sending direct GET-requests. Btw I wouldn't say avoiding javascript validation is the answer, rather having both where its possible. Agreed it is not an either/or thing. Validation at the browser and validation at the server actually serve two different purposes. Client side validation is really a convenience to the user to prevent having to enter data only to find that the data is later rejected after the http post/get. Catching the validation problem early allows for a slicker and more friendly user interface. But because it can be easily bypassed it is not a mechanism for protecting the integrity of data to be persisted and should not be used with that in mind. That is the purpose of server side validation. But of course we all know that Sorry I haven't looked much at the validation action classes so I can't really comment much. But shouldn't the validation be a function of the model layer (as low down as it can be pushed) and be un-bypassable?. This way it also applies to data input from other sources than the web ui. Bob Lars ___ Mailing list: https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
Hi, I don't think a validation in model layer is a good idea. Because a validator have to throw back to the view layer the error messages. If we validate at model layer, then for validating, a parameter have to go from view layer, through the controller to the model layer. Then if there would be error, the messages will be throw back through 2 layers. I think its not good for the framework. From what I have been doing with my spring mvc project. I have some ideas for this problem : - Create a custom action called EntityAction that can handle Add, Update and delete actions for one entity. - Validation can be a method of the action class or a separate class, but it should not be an action. It will be called right after the action accepting the request. Then only if the validation is success the action will call the corresponding method which can be add, update, delete or execute. If there is error, we can return the same view file include all the values of the parameter that were accepted before and the error messages. - For validating jobs, all the rules that are alidated at the view layer by javascript, I always have to validate them again at the controller layer. And I try to validate as much as I can at the view layer, because it will make the view layer becomes more user-friendly. To apply those things, I think we will have many works to do, but they are doable. Hope this can help. regards, On Wed, Dec 23, 2009 at 6:44 PM, Jason Pickering jason.p.picker...@gmail.com wrote: Well, usually this would be the case, that there would be validation at the database level, but given the database agnostic nature of DHIS, I have no idea how or if this can be done. I would think that the period -MM-YY value should actually be stored as a real date type. Currently, I think it is only text. The same can be said for the datavalue table, which stores values as text, instead of having a datavalue table with multiple columns (one for integers, reals, booleans, text and so forth, similar to DHIS 1.4) , each with real db data types. Of course, placing other constraints at the db level is also possible, but have no idea how to do this with hibernate. 2009/12/23 Bob Jolliffe bobjolli...@gmail.com 2009/12/23 Lars Helge Øverland larshe...@gmail.com On Wed, Dec 23, 2009 at 4:01 AM, Hieu Dang Duy hieu.hispviet...@gmail.com wrote: Dear Saptarshi, I'm not good at about security, I also knew that using javascript it's really not safe in web application. By the way, I have a small idea about this issue that. Not surely, have any configuration/setting about date in DHIS2 program ? Unless, I think we can make a new setting for this one. I meant we should make a pattern setting for date format, ie. -mm-dd for DataEntry module. Or can be expanding to use for our whole system. In that case, we can easily use any kind of validations with that pattern setting in either client-side (javascript) or server-side (java). Thanks for your suggestion ! Hi, I would say that we should stick with -mm-dd for input for now, to me the added complexity of configurable date input formats justifies the benefit... Re validation, we do have server side validation for meta data like data elements, indicators, data set etc. A problem is that we have separate action classes for validation and adding/updating (this was done with separation-of-concerns in mind). This poses a threat since a malicious user could bypass this by turning off javascript in the browser or sending direct GET-requests. Btw I wouldn't say avoiding javascript validation is the answer, rather having both where its possible. Agreed it is not an either/or thing. Validation at the browser and validation at the server actually serve two different purposes. Client side validation is really a convenience to the user to prevent having to enter data only to find that the data is later rejected after the http post/get. Catching the validation problem early allows for a slicker and more friendly user interface. But because it can be easily bypassed it is not a mechanism for protecting the integrity of data to be persisted and should not be used with that in mind. That is the purpose of server side validation. But of course we all know that Sorry I haven't looked much at the validation action classes so I can't really comment much. But shouldn't the validation be a function of the model layer (as low down as it can be pushed) and be un-bypassable?. This way it also applies to data input from other sources than the web ui. Bob Lars ___ Mailing list: https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
It's an well accepted pattern in data driven application (like ours), validation should be done ideally at the model layer... and when I raised the point of not doing it in JavaScript, I meant not doing that as default. By default doing the validation in model layer and then second for better UI, lesser server load and other benefits, doing the JavaScript validation... Doing it in web actions is somewhat doing it in the Controller, which is what I originally meant as a bad design, where chances are we can/have gone wrong. --- Regards, Saptarshi PURKAYASTHA Director R D, HISP India Health Information Systems Programme My Tech Blog: http://sunnytalkstech.blogspot.com You Live by CHOICE, Not by CHANCE 2009/12/23 Viet Nguyen phamquocv...@gmail.com Hi, I don't think a validation in model layer is a good idea. Because a validator have to throw back to the view layer the error messages. If we validate at model layer, then for validating, a parameter have to go from view layer, through the controller to the model layer. Then if there would be error, the messages will be throw back through 2 layers. I think its not good for the framework. From what I have been doing with my spring mvc project. I have some ideas for this problem : - Create a custom action called EntityAction that can handle Add, Update and delete actions for one entity. - Validation can be a method of the action class or a separate class, but it should not be an action. It will be called right after the action accepting the request. Then only if the validation is success the action will call the corresponding method which can be add, update, delete or execute. If there is error, we can return the same view file include all the values of the parameter that were accepted before and the error messages. - For validating jobs, all the rules that are alidated at the view layer by javascript, I always have to validate them again at the controller layer. And I try to validate as much as I can at the view layer, because it will make the view layer becomes more user-friendly. To apply those things, I think we will have many works to do, but they are doable. Hope this can help. regards, On Wed, Dec 23, 2009 at 6:44 PM, Jason Pickering jason.p.picker...@gmail.com wrote: Well, usually this would be the case, that there would be validation at the database level, but given the database agnostic nature of DHIS, I have no idea how or if this can be done. I would think that the period -MM-YY value should actually be stored as a real date type. Currently, I think it is only text. The same can be said for the datavalue table, which stores values as text, instead of having a datavalue table with multiple columns (one for integers, reals, booleans, text and so forth, similar to DHIS 1.4) , each with real db data types. Of course, placing other constraints at the db level is also possible, but have no idea how to do this with hibernate. 2009/12/23 Bob Jolliffe bobjolli...@gmail.com 2009/12/23 Lars Helge Øverland larshe...@gmail.com On Wed, Dec 23, 2009 at 4:01 AM, Hieu Dang Duy hieu.hispviet...@gmail.com wrote: Dear Saptarshi, I'm not good at about security, I also knew that using javascript it's really not safe in web application. By the way, I have a small idea about this issue that. Not surely, have any configuration/setting about date in DHIS2 program ? Unless, I think we can make a new setting for this one. I meant we should make a pattern setting for date format, ie. -mm-dd for DataEntry module. Or can be expanding to use for our whole system. In that case, we can easily use any kind of validations with that pattern setting in either client-side (javascript) or server-side (java). Thanks for your suggestion ! Hi, I would say that we should stick with -mm-dd for input for now, to me the added complexity of configurable date input formats justifies the benefit... Re validation, we do have server side validation for meta data like data elements, indicators, data set etc. A problem is that we have separate action classes for validation and adding/updating (this was done with separation-of-concerns in mind). This poses a threat since a malicious user could bypass this by turning off javascript in the browser or sending direct GET-requests. Btw I wouldn't say avoiding javascript validation is the answer, rather having both where its possible. Agreed it is not an either/or thing. Validation at the browser and validation at the server actually serve two different purposes. Client side validation is really a convenience to the user to prevent having to enter data only to find that the data is later rejected after the http post/get. Catching the validation problem early allows for a slicker and more friendly user interface. But because it can be easily bypassed it is not a mechanism for protecting the integrity of
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
On Wed, Dec 23, 2009 at 5:42 PM, Bob Jolliffe bobjolli...@gmail.com wrote: As always there is not a single right and wrong answer here. There are some things (usually different things) that might need to be validated at different levels of the application. But things which might make a mess of the model should be validated by the model (or the service layer as I see Lars has just chiped in :-). I'm not sure if I really buy the idea that communication of problems at the model shouldn't percolate up to the UI. Are we saying that from a UI perspective, an update, delete or add should allows be assumed to just succeed? Of course these will sometimes fail and of course we have to feed that back up (whether by exception or return value - whichever is least evil). Just to clarify... Right now we do validation of things like uniqueness and non-null-ability in separate actions. If we push this down to the service layer I do believe that this should happen in a separate method. It could be the client/presentation layers responsibility to call that validation method before calling the business method. If the business method still fails we are dealing with insufficient validation or programming errors. In that case we could naturally handle that with a checked or unchecked exception which could be caught in the presentation layer. But I do think mixing validation and business logic code in the same method is not to separate concerns... ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
Hi, As always there is not a single right and wrong answer here. There are some things (usually different things) that might need to be validated at different levels of the application. But things which might make a mess of the model should be validated by the model (or the service layer as I see Lars has just chiped in :-). I'm not sure if I really buy the idea that communication of problems at the model shouldn't percolate up to the UI. Are we saying that from a UI perspective, an update, delete or add should allows be assumed to just succeed? Of course these will sometimes fail and of course we have to feed that back up (whether by exception or return value - whichever is least evil). Its sure will be better if you have a validator at model layer. But I think all the rules that you validate at model layer, also have to be validated at controller and view layer. The data go from top to bottom layer, and my point is, its must be validate as much as it can at each layer. I think of each layer as a firewall, and for each layer the data is passing, it will be more safe or reliable. User can by pass the javascript which is the view layer, so the controller will be the main gate, and it should be responsible for all the data that it passes to the model layer. If there is an error in the save, update, delete method, it should be an error related to the database or the business logic of the application, not the data itself. And this error also should not be throw directly to the user, there should be a custom exception handler message. Anyway, this is my first time discussing on this mailing list, so .. just sharing my opinion about this validation things :) @Lars: what about having a custom abstract action class that will overwrite the execute method . It will first call the validate abstract method, then call the handleRequest abstract method, those abstract methods will be implemented by extended action class. Something like this : public String execute() throws Exception { if( validate() ) return handleRequest(); else return ERROR; } Is this possible ? 2009/12/23 Lars Helge Øverland larshe...@gmail.com On Wed, Dec 23, 2009 at 5:42 PM, Bob Jolliffe bobjolli...@gmail.comwrote: As always there is not a single right and wrong answer here. There are some things (usually different things) that might need to be validated at different levels of the application. But things which might make a mess of the model should be validated by the model (or the service layer as I see Lars has just chiped in :-). I'm not sure if I really buy the idea that communication of problems at the model shouldn't percolate up to the UI. Are we saying that from a UI perspective, an update, delete or add should allows be assumed to just succeed? Of course these will sometimes fail and of course we have to feed that back up (whether by exception or return value - whichever is least evil). Just to clarify... Right now we do validation of things like uniqueness and non-null-ability in separate actions. If we push this down to the service layer I do believe that this should happen in a separate method. It could be the client/presentation layers responsibility to call that validation method before calling the business method. If the business method still fails we are dealing with insufficient validation or programming errors. In that case we could naturally handle that with a checked or unchecked exception which could be caught in the presentation layer. But I do think mixing validation and business logic code in the same method is not to separate concerns... ___ Mailing list: https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs More help : https://help.launchpad.net/ListHelp -- Nguyen Pham Hoang Quoc Viet ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
Hi Saptarshi, It's an well accepted pattern in data driven application (like ours), validation should be done ideally at the model layer... and when I raised the point of not doing it in JavaScript, I meant not doing that as default. By default doing the validation in model layer and then second for better UI, lesser server load and other benefits, doing the JavaScript validation... Doing it in web actions is somewhat doing it in the Controller, which is what I originally meant as a bad design, where chances are we can/have gone wrong. I'm not sure about your point. Lets skip the javascript by pass things and talk about normal user. For them, the javascript validator should be more user friendly. Actually, the purpose of the javascript validator beside data security is user friendly and less request to the server. What a common javascript validator should do is : - Validate the data after user finished entering value for one text field. Then show the error when user change focus to another text field. By this way, user can know they made a mistake right after they finished entering the value and change it at once. - Do not allow user to commit the form unless all the validation rule are passed. By those things, we can reduce the number of time that user will submit the form. And there should be many more advance methods that we can do. Like the user can not type a character into a number text fieldetc.. I have fixed the validation bug from STQC in dhis india branch, just for the maintanance module. Its still in progress but you can check out the latest code , run the Add User form and see the result. I used the jquery validator plugin. The only problem that i got is ... the language for the error message... I have a file where I can defined all the error messages in different languages. But for that, I need the current language code...which I could not find ... Current, I have to ref the bean LocaleManager and then get the countryCode and languageCode from itwhich I think..is not a really good way. The code should be somewhere in the interceptor... regards, ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
I dont think it is good to validate through javascript unless it is a very simple thing and not really data saving related. In DHIS2, we have this clientside validation without any server validation. The STQC guys have found only few, but as a pattern we lack that in our design. Im sure the security testing guys are going 2 find more bugs with validation. So i suggest unless its a UI thing we should avoid javascript validation. On 12/22/09, Hieu Dang Duy hieu.hispviet...@gmail.com wrote: Yeas, I've prepared this function for this one before. 2009/12/22 Lars Helge Øverland larshe...@gmail.com On Tue, Dec 22, 2009 at 11:50 AM, Hieu Dang Duy hieu.hispviet...@gmail.comwrote: Hi Lars, Can I fix this slight bug ? I've got a normal way to do this without using validation for text date field in this case of DataEntry ... That's is disable this text field on mouse out and enable on mouse over. We do not allow anyone type anything in this field. How do you think about this ? Hi Hieu, no we cannot do that, people often enter dates manually, which we should allow. But we could need a general validation of date fields in the system. Can you create a javascript method (maybe using regex?) that does validation on our date format? (which is '-MM-dd') Then we can put it in commons.js and use it consistently in the system... Lars -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Confirmed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devshttps://launchpad.net/%7Edhis2-devs More help : https://help.launchpad.net/ListHelp -- Hieu.HISPVietnam Good Health ! -- Sent from my mobile device --- Regards, Saptarshi PURKAYASTHA Director R D, HISP India Health Information Systems Programme My Tech Blog: http://sunnytalkstech.blogspot.com You Live by CHOICE, Not by CHANCE ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
Re: [Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
On Wed, Dec 23, 2009 at 4:01 AM, Hieu Dang Duy hieu.hispviet...@gmail.comwrote: Dear Saptarshi, I'm not good at about security, I also knew that using javascript it's really not safe in web application. By the way, I have a small idea about this issue that. Not surely, have any configuration/setting about date in DHIS2 program ? Unless, I think we can make a new setting for this one. I meant we should make a pattern setting for date format, ie. -mm-dd for DataEntry module. Or can be expanding to use for our whole system. In that case, we can easily use any kind of validations with that pattern setting in either client-side (javascript) or server-side (java). Thanks for your suggestion ! Hi, I would say that we should stick with -mm-dd for input for now, to me the added complexity of configurable date input formats justifies the benefit... Re validation, we do have server side validation for meta data like data elements, indicators, data set etc. A problem is that we have separate action classes for validation and adding/updating (this was done with separation-of-concerns in mind). This poses a threat since a malicious user could bypass this by turning off javascript in the browser or sending direct GET-requests. Btw I wouldn't say avoiding javascript validation is the answer, rather having both where its possible. Lars ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Changed in: dhis2 Assignee: (unassigned) = Lars Helge Øverland (larshelge) -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Confirmed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
[Dhis2-devs] [Bug 430657] Re: Date text field needs validation rule in data entry screen
** Summary changed: - Date text field needs validation rule in form area or data entry screen + Date text field needs validation rule in data entry screen -- Date text field needs validation rule in data entry screen https://bugs.launchpad.net/bugs/430657 You received this bug notification because you are a member of DHIS 2 developers, which is subscribed to DHIS. Status in DHIS 2 - District Health Information Software: Confirmed Bug description: DHIS2 -- Services -- Data Entry Here after selecting appropriate organisation unit, data set and period we get data entry screen, here we fill data one by one, after that we press complete button below the data entry form page and we enter some garbage character or special character or numbers in the date text field and it shows it is saving those values. Here we think this complete button should have some validation so that it prompts while clicking it if we fill some other characters inside date text field. ___ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp