Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: [DHIS2-17324] Ensure standard report id is in the right format #393

Merged
merged 1 commit into from
Aug 21, 2024
Merged

fix: [DHIS2-17324] Ensure standard report id is in the right format #393

merged 1 commit into from
Aug 21, 2024

Conversation

JoakimSM
Copy link
Member

No description provided.

@dhis2-bot
Copy link
Contributor

🚀 Deployed on https://pr-393--dhis2-reports.netlify.app

@dhis2-bot dhis2-bot temporarily deployed to netlify August 15, 2024 14:15 Inactive
@JoakimSM JoakimSM changed the title fix: [DHIS2-17324] Ensure id is in the right format fix: [DHIS2-17324] Ensure standard report id is in the right format Aug 15, 2024
@JoakimSM JoakimSM marked this pull request as ready for review August 16, 2024 08:41
@JoakimSM JoakimSM requested review from a team as code owners August 16, 2024 08:41
@tomzemp tomzemp self-requested a review August 16, 2024 10:59
tomzemp
tomzemp approved these changes Aug 16, 2024
View reviewed changes
Copy link
Member

@tomzemp tomzemp left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR 🙏. Looks good to me!

One thing I noticed: the ticket says that the GET request could currently be sent to /arbitrary/same-origin/path/data.html, but the app seems to fire a request to reports/arbitrary/same-origin/path/data.html :

reports-app/src/utils/api.js

Line 447 in 940f8af

api.get(`reports/${id}/data.html`, {
.

I think it's good to have this check client-side, but I would also have expected the backend to do some sanitization of the request and check that it the "id" in reports/${id}/data.html was valid?

@JoakimSM
Copy link
Member Author

Thanks for the PR 🙏. Looks good to me!

One thing I noticed: the ticket says that the GET request could currently be sent to /arbitrary/same-origin/path/data.html, but the app seems to fire a request to reports/arbitrary/same-origin/path/data.html :

reports-app/src/utils/api.js

Line 447 in 940f8af

api.get(`reports/${id}/data.html`, {

.
I think it's good to have this check client-side, but I would also have expected the backend to do some sanitization of the request and check that it the "id" in reports/${id}/data.html was valid?

We talked it through on slack.

@linadhis2
Copy link

LGTM from QA perspective

@JoakimSM JoakimSM merged commit 12b9277 into master Aug 21, 2024
10 checks passed
@JoakimSM JoakimSM deleted the DHIS2-17324 branch August 21, 2024 08:18
dhis2-bot added a commit that referenced this pull request Aug 21, 2024
@dhis2-bot
chore(release): cut 100.0.60 [skip release]
4e55421 
## [100.0.60](v100.0.59...v100.0.60) (2024-08-21)

### Bug Fixes

* [DHIS2-17324] Ensure standard report id is in the right format ([#393](#393)) ([12b9277](12b9277))
@dhis2-bot
Copy link
Contributor

🎉 This PR is included in version 100.0.60 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@linadhis2 linadhis2 linadhis2 approved these changes

@tomzemp tomzemp tomzemp approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JoakimSM @dhis2-bot @linadhis2 @tomzemp