This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 488b9b6 Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)
488b9b6 is described below
commit 488b9b6b9a914777f4e56bbac611c72159564b2b
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Tue Jun 16 13:57:34 2020 +0200
Improved: Checks if the value passed to checkStringForHtmlSafe is not null (OFBIZ-11822)
This was reported by SpotBugs in Eclipse to prevent a possible NPE. It seems to me that it's more complex than that because of the PolicyFactory::sanitize methods signatures where @Nullable annotation is used. So the SpotBugs warning remains, anyway can't hurt.
BTW found 92 issues reported by SpotBugs in Eclipse, among them 33 are "scary"
I had to add 1 to tasks.checkstyleMain.maxErrors because of https://github.com/apache/ofbiz-framework/pull/203 that I pulled after the push was rejected by the pre-push local Git hook
---
build.gradle | 2 +-
.../java/org/apache/ofbiz/base/util/UtilCodec.java | 22 ++++++++++++----------
2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/build.gradle b/build.gradle
index 649a4b5..cef4afd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -287,7 +287,7 @@ checkstyle {
 // the sum of errors found last time it was changed after using the
 // ‘checkstyle’ tool present in the framework and in the official
 // plugins.
- tasks.checkstyleMain.maxErrors = 26759
+ tasks.checkstyleMain.maxErrors = 26760
 // Currently there are a lot of errors so we need to temporarily
 // hide them to avoid polluting the terminal output.
 showViolations = false
diff --git a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
index de9ef6e..c2793d9 100644
--- a/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
+++ b/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilCodec.java
@@ -484,17 +484,19 @@ public class UtilCodec {
 + "Beware: the result is not rightly checked!", MODULE);
 }
- String filtered = policy.sanitize(value);
- if (!value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
- String issueMsg = null;
- if (locale.equals(new Locale("test"))) {
- issueMsg = "In field [" + valueName + "] by our input policy, your input has not been accepted "
- + "for security reason. Please check and modify accordingly, thanks.";
- } else {
- issueMsg = UtilProperties.getMessage("SecurityUiLabels","PolicySafe",
- UtilMisc.toMap("valueName", valueName), locale);
+ if (value != null) {
+ String filtered = policy.sanitize(value);
+ if (filtered != null && !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {
+ String issueMsg = null;
+ if (locale.equals(new Locale("test"))) {
+ issueMsg = "In field [" + valueName + "] by our input policy, your input has not been accepted "
+ + "for security reason. Please check and modify accordingly, thanks.";
+ } else {
+ issueMsg = UtilProperties.getMessage("SecurityUiLabels","PolicySafe",
+ UtilMisc.toMap("valueName", valueName), locale);
+ }
+ errorMessageList.add(issueMsg);
 }
- errorMessageList.add(issueMsg);
 }
 return value; |
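Review bot: The added `filtered != null` guard on the inner `if` fails open: if `policy.sanitize(value)` ever returns null, the comparison is skipped, nothing is added to `errorMessageList`, and the unchecked `value` is returned to the caller as if it had passed the policy. Since the commit message itself points out that `sanitize` is declared with a `@Nullable` signature, I would make that branch fail closed instead: `if (filtered == null || !value.equals(StringEscapeUtils.unescapeHtml4(filtered))) {`, so a null sanitizer result is reported the same way as any other rejected input. The outer `value != null` guard is fine, since a null value has nothing to sanitize and is returned unchanged. The enclosing method starts outside the hunk, so whether `policy` can still be null at this point after the "Beware" warning branch above is not visible here.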