Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040704Openbravo ERPZ. Otherspublic2019-04-04 13:422019-04-30 16:59
Reporteralostale 
Assigned Tononofrancisco 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR18Q4.4Fixed in Version3.0PR18Q4.4 
Merge Request Status
Review Assigned ToSandrahuguet
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040704: use proper character escape
DescriptionIn the following classes
  src.org.openbravo.erpCommon.ad_reports.GeneralAccountingReports
  src.org.openbravo.erpCommon.ad_reports.ReportGeneralLedger
  src.org.openbravo.erpCommon.ad_reports.ReportGeneralLedgerJournal
  src.org.openbravo.erpCommon.ad_reports.ReportInvoiceCustomerDimensionalAnalysesJR
  src.org.openbravo.erpCommon.ad_reports.ReportMaterialDimensionalAnalysesJR
  src.org.openbravo.erpCommon.ad_reports.ReportSalesDimensionalAnalyzeJR
  src.org.openbravo.erpCommon.ad_reports.ReportShipmentDimensionalAnalyzeJR
  src.org.openbravo.erpCommon.ad_reports.ReportTrialBalance

escape html when directly printing it without xmlengine.
Steps To Reproduce-
Proposed SolutionIe use StringEscapeUtils.escapeHtml
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040524 closed nonofrancisco use proper character escape 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-29 13:35nonofranciscoTypedefect => backport
2019-04-29 13:35nonofranciscoTarget Version => 3.0PR18Q4.4
2019-04-30 16:55hgbotCheckin
2019-04-30 16:56hgbotNote Added: 0111394
2019-04-30 16:56hgbotCheckin
2019-04-30 16:56hgbotNote Added: 0111395
2019-04-30 16:56hgbotStatusscheduled => resolved
2019-04-30 16:56hgbotResolutionopen => fixed
2019-04-30 16:56hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q4.4/rev/3f89a46a915d54575eae181fef5e691e74750ca7 [^]
2019-04-30 16:56hgbotResolutionopen => fixed
2019-04-30 16:56hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/backports/3.0PR18Q4.4/rev/3f89a46a915d54575eae181fef5e691e74750ca7 [^] => http://code.openbravo.com/erp/backports/3.0PR19Q2/rev/98ad0cda8d6fe90cf7345b06c50bd21fe1669afb [^]
2019-04-30 16:58SandrahuguetNote Deleted: 0111395
2019-04-30 16:59SandrahuguetReview Assigned To => Sandrahuguet
2019-04-30 16:59SandrahuguetNote Added: 0111398
2019-04-30 16:59SandrahuguetStatusresolved => closed
2019-04-30 16:59SandrahuguetFixed in Version => 3.0PR18Q4.4

Notes
(0111394)
hgbot   
2019-04-30 16:55   
Repository: erp/backports/3.0PR18Q4.4
Changeset: 3f89a46a915d54575eae181fef5e691e74750ca7
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Tue Apr 30 13:03:59 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR18Q4.4/rev/3f89a46a915d54575eae181fef5e691e74750ca7 [^]

Fixes issue 40704: Escapes values printed to servlet response

Escapes values before printing them to Servlet response.

---
M src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
M src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
M src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
M src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
M src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
---
(0111398)
Sandrahuguet   
2019-04-30 16:59   
Code review + testing OK