Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040702Openbravo ERPZ. Otherspublic2019-04-04 13:422019-04-30 16:59
Reporteralostale 
Assigned Tononofrancisco 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR19Q2Fixed in Version3.0PR19Q2 
Merge Request Status
Review Assigned ToSandrahuguet
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040702: use proper character escape
DescriptionIn the following classes
  src.org.openbravo.erpCommon.ad_reports.GeneralAccountingReports
  src.org.openbravo.erpCommon.ad_reports.ReportGeneralLedger
  src.org.openbravo.erpCommon.ad_reports.ReportGeneralLedgerJournal
  src.org.openbravo.erpCommon.ad_reports.ReportInvoiceCustomerDimensionalAnalysesJR
  src.org.openbravo.erpCommon.ad_reports.ReportMaterialDimensionalAnalysesJR
  src.org.openbravo.erpCommon.ad_reports.ReportSalesDimensionalAnalyzeJR
  src.org.openbravo.erpCommon.ad_reports.ReportShipmentDimensionalAnalyzeJR
  src.org.openbravo.erpCommon.ad_reports.ReportTrialBalance

escape html when directly printing it without xmlengine.
Steps To Reproduce-
Proposed SolutionIe use StringEscapeUtils.escapeHtml
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040524 closed nonofrancisco use proper character escape 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-29 13:35nonofranciscoTypedefect => backport
2019-04-29 13:35nonofranciscoTarget Version => 3.0PR19Q2
2019-04-30 16:58SandrahuguetNote Added: 0111397
2019-04-30 16:58SandrahuguetStatusscheduled => resolved
2019-04-30 16:58SandrahuguetFixed in SCM revision => https://code.openbravo.com/erp/backports/3.0PR19Q2/rev/98ad0cda8d6fe90cf7345b06c50bd21fe1669afb [^]
2019-04-30 16:58SandrahuguetResolutionopen => fixed
2019-04-30 16:59SandrahuguetReview Assigned To => Sandrahuguet
2019-04-30 16:59SandrahuguetNote Added: 0111400
2019-04-30 16:59SandrahuguetStatusresolved => closed
2019-04-30 16:59SandrahuguetFixed in Version => 3.0PR19Q2

Notes
(0111397)
Sandrahuguet   
2019-04-30 16:58   
Repository: erp/backports/3.0PR19Q2
Changeset: 98ad0cda8d6fe90cf7345b06c50bd21fe1669afb
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Tue Apr 30 13:06:40 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q2/rev/98ad0cda8d6fe90cf7345b06c50bd21fe1669afb [^] [^]

Fixes issue 40704: Escapes values printed to servlet response

Escapes values before printing them to Servlet response.

---
M src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
M src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
M src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
M src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
(0111400)
Sandrahuguet   
2019-04-30 16:59   
Code review + testing ok