[ https://issues.apache.org/jira/browse/OFBIZ-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12673478#action_12673478 ]

Ashish Nagar commented on OFBIZ-2189:
-------------------------------------

Thanks, David, for providing a fix for this issue. But I still have some doubts
about that statement in StringUtil.java:

// check for "<", ">"
if (value.indexOf("<") >= 0 || value.indexOf("<") >= 0) {

Some things I found are:

1) The same condition is checked on both sides of the OR. (I hope the second
condition should be a check for the ">" sign.)
2) Now anyone can put in Entity Engine XML documents without bothering about
the syntax of the initial tag <entity-engine-xml>; instead, he can start with
"><entity-engine-xml>".
3) An admin user can put any type of text (other than XML docs) inside the
enclosing tags <entity-engine-xml> and can click on the import text button.
(There should be an error message asking to put XML tags.)

However, I wonder, as this condition "if (value.indexOf("<") >= 0 ||
value.indexOf("<") >= 0) {" will check the initial occurrence of "<" in the
given text. But what I found is that in StringUtil.java the value object does
not contain the text value imported. So value.indexOf("<") always evaluates
to -1, and the input value is not validated against these symbols.


I would be more than pleased if you would correct me if I am going in the
wrong direction and provide suggestions.



> Error occurs using XML-Import from webtools
> -------------------------------------------
>
>                 Key: OFBIZ-2189
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2189
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Ashish Nagar
>            Assignee: David E. Jones
>             Fix For: SVN trunk
>
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> While uploading Entity Engine XML documents, an error is occurring
> [  ServiceDispatcher.java:368:ERROR] 
> ---- exception report 
> ----------------------------------------------------------
> Incoming context (in runSync : entityImport) does not match expected 
> requirements
> Exception: org.ofbiz.service.ServiceValidationException
> Message: In field [fulltext] greater-than (>) and less-than (<) symbols are 
> not allowed.
> ---- stack trace 
> ---------------------------------------------------------------
> org.ofbiz.service.ServiceValidationException: In field [fulltext] 
> greater-than (>) and less-than (<) symbols are not allowed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
