Index: lams_bb_integration/.classpath
===================================================================
diff -u -r7b8276acaecb9871b6e169f3376c4ebcddeceb67 -rfa671cd2a3d8d5c5801a099d703de5eb2abff0cd
--- lams_bb_integration/.classpath (.../.classpath) (revision 7b8276acaecb9871b6e169f3376c4ebcddeceb67)
+++ lams_bb_integration/.classpath (.../.classpath) (revision fa671cd2a3d8d5c5801a099d703de5eb2abff0cd)
@@ -13,5 +13,6 @@
+
Index: lams_bb_integration/RELEASE_NOTES.TXT
===================================================================
diff -u -r8d92365c1f399beb957a1ac353436d5f5e8016fe -rfa671cd2a3d8d5c5801a099d703de5eb2abff0cd
--- lams_bb_integration/RELEASE_NOTES.TXT (.../RELEASE_NOTES.TXT) (revision 8d92365c1f399beb957a1ac353436d5f5e8016fe)
+++ lams_bb_integration/RELEASE_NOTES.TXT (.../RELEASE_NOTES.TXT) (revision fa671cd2a3d8d5c5801a099d703de5eb2abff0cd)
@@ -141,3 +141,4 @@
* LDEV-4163: Integration API that returns true if the LD has outputs
* LDEV-4164: Fix sorting in BB content area
* LDEV-4171: Remove obsolete svgFormat parameter that is no longer used in WF as long as it produces only SVGs (no PNGs)
+* LDEV-4178: Escape commas when pre-adding users to a lesson
Index: lams_bb_integration/lib/commons-lang.jar
===================================================================
diff -u
Binary files differ
Index: lams_bb_integration/src/org/lamsfoundation/ld/integration/util/LamsSecurityUtil.java
===================================================================
diff -u -r8d92365c1f399beb957a1ac353436d5f5e8016fe -rfa671cd2a3d8d5c5801a099d703de5eb2abff0cd
--- lams_bb_integration/src/org/lamsfoundation/ld/integration/util/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision 8d92365c1f399beb957a1ac353436d5f5e8016fe)
+++ lams_bb_integration/src/org/lamsfoundation/ld/integration/util/LamsSecurityUtil.java (.../LamsSecurityUtil.java) (revision fa671cd2a3d8d5c5801a099d703de5eb2abff0cd)
@@ -43,6 +43,8 @@
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.lamsfoundation.ld.integration.dto.LearnerProgressDTO;
import org.w3c.dom.Document;
@@ -695,19 +697,17 @@
BbList studentCourseMemberships = courseMemLoader.loadByCourseIdAndRole(courseId,
CourseMembership.Role.STUDENT, null, true);
for (CourseMembership courseMembership : studentCourseMemberships) {
- learnerIds += URLEncoder.encode(courseMembership.getUser().getUserName(), "utf8") + ",";
+ String learnerId = escapeValue(courseMembership.getUser().getUserName());
+ learnerIds += learnerId + ",";
- String firstName = courseMembership.getUser().getGivenName().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getGivenName();
- firstNames += URLEncoder.encode(firstName, "utf8") + ",";
+ String firstName = escapeValue(courseMembership.getUser().getGivenName());
+ firstNames += firstName + ",";
- String lastName = courseMembership.getUser().getFamilyName().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getFamilyName();
- lastNames += URLEncoder.encode(lastName, "utf8") + ",";
+ String lastName = escapeValue(courseMembership.getUser().getFamilyName());
+ lastNames += lastName + ",";
- String email = courseMembership.getUser().getEmailAddress().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getEmailAddress();
- emails += URLEncoder.encode(email, "utf8") + ",";
+ String email = escapeValue(courseMembership.getUser().getEmailAddress());
+ emails += email + ",";
}
BbList monitorCourseMemberships = courseMemLoader.loadByCourseIdAndRole(courseId,
@@ -719,19 +719,17 @@
CourseMembership.Role.COURSE_BUILDER, null, true);
monitorCourseMemberships.addAll(courseBuilderCourseMemberships);
for (CourseMembership courseMembership : monitorCourseMemberships) {
- monitorIds += URLEncoder.encode(courseMembership.getUser().getUserName(), "utf8") + ",";
+ String monitorId = escapeValue(courseMembership.getUser().getUserName());
+ monitorIds += monitorId + ",";
- String firstName = courseMembership.getUser().getGivenName().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getGivenName();
- firstNames += URLEncoder.encode(firstName, "utf8") + ",";
+ String firstName = escapeValue(courseMembership.getUser().getGivenName());
+ firstNames += firstName + ",";
- String lastName = courseMembership.getUser().getFamilyName().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getFamilyName();
- lastNames += URLEncoder.encode(lastName, "utf8") + ",";
+ String lastName = escapeValue(courseMembership.getUser().getFamilyName());
+ lastNames += lastName + ",";
- String email = courseMembership.getUser().getEmailAddress().isEmpty() ? DUMMY_VALUE : courseMembership
- .getUser().getEmailAddress();
- emails += URLEncoder.encode(email, "utf8") + ",";
+ String email = escapeValue(courseMembership.getUser().getEmailAddress());
+ emails += email + ",";
}
//no learners & no monitors - do nothing
@@ -793,6 +791,24 @@
}
/**
+ * Takes care about blank values. Besides, escapes CSV sensitive symbols (commas, quotes, etc) and then encodes it to be sent as a URL parameter.
+ *
+ * @param value
+ * @param CSV
+ * @return
+ * @throws UnsupportedEncodingException
+ */
+ private static String escapeValue(String value) throws UnsupportedEncodingException {
+ final String DUMMY_VALUE = "-";
+
+ String notBlankValue = StringUtils.isBlank(value) ? DUMMY_VALUE : value;
+ String escapedCsv = StringEscapeUtils.escapeCsv(notBlankValue);
+ String encodedValue = URLEncoder.encode(escapedCsv, "utf8");
+
+ return encodedValue;
+ }
+
+ /**
* getLearnerProgress in current lesson through a LAMS webservice
*
* @param ctx