Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/06/16 12:05:30 UTC
[ofbiz-framework] branch trunk updated: Improved: Checks if the
value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 488b9b6 Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)
488b9b6 is described below
commit 488b9b6b9a914777f4e56bbac611c72159564b2b
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Tue Jun 16 13:57:34 2020 +0200
Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)
This was reported by SpotBugs in Eclipse to prevent a possible NPE.
It seems to me that it's more complex than that because of the
PolicyFactory::sanitize methods' signatures, where the @Nullable annotation is
used. So the SpotBugs warning remains; anyway, it can't hurt.
BTW, found 92 issues reported by SpotBugs in Eclipse, among them 33 are "scary".
I had to add 1 to tasks.checkstyleMain.maxErrors because of
https://github.com/apache/ofbiz-framework/pull/203, which I pulled after the push
was rejected by the pre-push local Git hook.
---
build.gradle | 2 +-
.../java/org/apache/ofbiz/base/util/UtilCodec.java | 22 ++++++++++++----------
2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/build.gradle b/build.gradle
index 649a4b5..cef4afd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -287,7 +287,7 @@ checkstyle {
// the sum of errors found last time it was changed after using the
// ‘checkstyle’ tool present in the framework and in the official
// plugins.
- tasks.checkstyleMain.maxErrors = 26759
+ tasks.checkstyleMain.maxErrors = 26760
// Currently there are a lot of errors so we need to temporarily
// hide them to avoid polluting the terminal output.
showViolations = false
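Review bot: the maxErrors bump from 26759 to 26760 is unrelated to the null check this commit is about; per the commit message it only absorbs a Checkstyle violation introduced by pull request 203. Prefer fixing that violation, or at least committing the threshold change separately, so the NPE fix and the lint budget change are not tied together; the comment above ("the sum of errors found last time it was changed") should also say which change added the extra error.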
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
index de9ef6e..c2793d9 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
@@ -484,17 +484,19 @@ public class UtilCodec {
+ "Beware: the result is not rightly checked!", MODULE);
}
- String filtered = policy.sanitize(value);
- if (!value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
- String issueMsg = null;
- if (locale.equals(new Locale("test"))) {
- issueMsg = "In field [" + valueName + "] by our input policy, your input has not been accepted "
- + "for security reason. Please check and modify accordingly, thanks.";
- } else {
- issueMsg = UtilProperties.getMessage("SecurityUiLabels","PolicySafe",
- UtilMisc.toMap("valueName", valueName), locale);
+ if (value != null) {
+ String filtered = policy.sanitize(value);
+ if (filtered != null && !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
+ String issueMsg = null;
+ if (locale.equals(new Locale("test"))) {
+ issueMsg = "In field [" + valueName + "] by our input policy, your input has not been accepted "
+ + "for security reason. Please check and modify accordingly, thanks.";
+ } else {
+ issueMsg = UtilProperties.getMessage("SecurityUiLabels","PolicySafe",
+ UtilMisc.toMap("valueName", valueName), locale);
+ }
+ errorMessageList.add(issueMsg);
}
- errorMessageList.add(issueMsg);
}
return value;
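Review bot: the new `filtered != null &&` guard makes a null return from `policy.sanitize(value)` fall through with no error recorded, so a non-null `value` is returned as accepted without ever having been compared against the sanitized form. If the @Nullable signature mentioned in the commit message means null is a real possibility, fail closed instead, e.g. `if (filtered == null || !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {`, so an unexpected null is reported rather than silently accepted. The null `value` path also returns `value` untouched with no message, which is fine for a check, but a one-line Javadoc note that a null input is passed through unchecked would make that explicit for callers. Minor style on the moved line: `"SecurityUiLabels","PolicySafe"` is missing a space after the comma.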