Fixes issue 28212: Prevent NPE in FormatUtilities.replaceJS
authorAugusto Mauch <augusto.mauch@openbravo.com>
Wed, 19 Nov 2014 10:40:03 +0100
changeset 25262 8dbbe80525ba
parent 25261 331b598e6c62
child 25263 441ceb36bd06
Fixes issue 28212: Prevent NPE in FormatUtilities.replaceJS

In this changeset [1] the FormatUtilities.replaceJS was updated to make it secure against cross site scripting. The problem was that before the change the method returned null if the strIni parameter is null, but after the change a NullPointerException is thrown. Added a check to prevent this.

[1] https://code.openbravo.com/erp/devel/pi/rev/244f648e594e
src-core/src/org/openbravo/utils/FormatUtilities.java
--- a/src-core/src/org/openbravo/utils/FormatUtilities.java	Tue Nov 04 15:15:12 2014 -0500
+++ b/src-core/src/org/openbravo/utils/FormatUtilities.java	Wed Nov 19 10:40:03 2014 +0100
@@ -46,6 +46,10 @@
   }
 
   public static String replaceJS(String strIni, boolean isUnderQuotes) {
+    if (strIni == null) {
+      // nothing to return if the provided string is null
+      return null;
+    }
     return Replace
         .replace(
             Replace.replace(Replace.replace(