Skip to content

Commit

Permalink
Unescape XSS escaped address layout template
Browse files Browse the repository at this point in the history
  • Loading branch information
dkayiwa authored Dec 20, 2024
1 parent 7548e4a commit fc20f21
Showing 1 changed file with 2 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.lang.StringEscapeUtils
import org.openmrs.GlobalProperty;
import org.openmrs.api.GlobalPropertyListener;
import org.openmrs.api.context.Context;
Expand Down Expand Up @@ -56,7 +57,7 @@ private void init() {

String layoutTemplateXml = Context.getAdministrationService().getGlobalProperty(
OpenmrsConstants.GLOBAL_PROPERTY_ADDRESS_TEMPLATE);
setAddressTemplate(layoutTemplateXml);
setAddressTemplate(StringEscapeUtils.unescapeXml(layoutTemplateXml));

List<String> specialTokens = new ArrayList<>();
specialTokens.add("address1");
Expand Down

2 comments on commit fc20f21

@ibacher
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this should fix things to me! Just remember we need to back port to 2.7 as well as 2.6.

@dkayiwa
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Back ported to the 2.6.x branch at 9f2f2dc
And to the 2.7.x branch at 69c0b59

Please sign in to comment.