[Dhis2-devs] [Branch ~dhis2-devs-core/dhis2/trunk] Rev 9617: DataEntry - Multi-entry-org-unit form - Fixed bug save value.

2013-01-26 Thread noreply
revno: 9617 committer: Hieu branch nick: dhis2 timestamp: Sun 2013-01-27 00:30:38 +0700 message: DataEntry - Multi-entry-org-unit form - Fixed bug save value. modified: dhis-2/dhis-web/dhis-web-dataentry/src/main/webapp/dhis-web-dat

Re: [Dhis2-devs] dhis security issue

2013-01-26 Thread Morten Olav Hansen
Yes, at least in DHIS. It will make sure that no JS will be executed. There might be a need to also escape in input, but we don't do that at the moment, so what ends up in the database itself might be dangerous. But these things should always be escaped. -- Morten On Sat, Jan 26, 2013 at 5:59 PM

Re: [Dhis2-devs] dhis security issue

2013-01-26 Thread Ngoc Thanh Nguyen
No, I don't see it. But even by escaping the output, will it be completely secured? Thanh On Sat, Jan 26, 2013 at 11:42 PM, Morten Olav Hansen wrote: > Everything coming out of DHIS should be escaped. Are you saying that you > see the alert box where you can see the name? > > -- > Morten > > > O

Re: [Dhis2-devs] dhis security issue

2013-01-26 Thread Morten Olav Hansen
Everything coming out of DHIS should be escaped. Are you saying that you see the alert box where you can see the name? -- Morten On Sat, Jan 26, 2013 at 5:37 PM, Ngoc Thanh Nguyen < thanh.hispviet...@gmail.com> wrote: > Hi all, > > Sorry if this issue is irrelevant but when I tried to insert so

[Dhis2-devs] dhis security issue

2013-01-26 Thread Ngoc Thanh Nguyen
Hi all, Sorry if this issue is irrelevant but when I tried to insert a malicious script into a dhis2 field, I got it stored, like this: [image: Inline image 1] It means that data are not filtered at all. In theory, it has a risk of XSS attack. How do we prevent that? Thanh

Re: [Dhis2-devs] Error generating resource tables

2013-01-26 Thread Jason Pickering
Hi Lars, You are right. The resource tables generated OK. In fact, it was this bug (?) which caused the problem. I think we need to put some check on the SQL views to prevent this from happening? On Sat, Jan 26, 2013 at 11:09 AM, Lars Helge Øverlan

[Dhis2-devs] [Branch ~dhis2-devs-core/dhis2/trunk] Rev 9616: Analytics, validation

2013-01-26 Thread noreply
revno: 9616 committer: Lars Helge Øverland branch nick: dhis2 timestamp: Sat 2013-01-26 10:20:27 +0200 message: Analytics, validation modified: dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/DataQu

Re: [Dhis2-devs] Error generating resource tables

2013-01-26 Thread Lars Helge Øverland
Hi Jason, it seems like the resource tables are generated okay. After that step, all of your (dhis) SQL views will be re-generated. I suspect it's one of those which are failing. Try to run all of your SQL views independently and see if that will trigger an exception. Lars On Sat, Jan 26, 2013