search

NCEAS / metacat

Data repository software that helps researchers preserve, share, and discover data
https://knb.ecoinformatics.org/software/metacat
GNU General Public License v2.0
26 stars 12 forks source link

Registry: Need to check that all entry fields do not include any <, > and other characters #255

Closed mbjones closed 6 years ago

mbjones commented 6 years ago

Author Name: Saurabh Garg (Saurabh Garg) Original Redmine Issue: 1323, https://projects.ecoinformatics.org/ecoinfo/issues/1323 Original Date: 2004-02-05 Original Assignee: Saurabh Garg

I think all the following errors reportd by Andrea and Rick happened because of the fields that we dont check.

  1. After filling in all required info (and some fields that were not required), I clicked submit entry, got the summary page, entered my username and password, and clicked the button that says I don’t want to change anything. I then received this error message: Failure An error occurred. Most likely some required fields were missing. Please check the list of errors below and return to the previous form to fill in all required fields and submit the form again. • Error running xpath expression: //dateTimeDomain|//nonNumericDomain|//numericDomain|//access|//attri buteList|//constraint|//coverage|//temporalCoverage|//geographicCoverage|//taxon omicCoverage|/dataset|/eml/dataset|//dataSource|//dataTable|//otherEntity|//cita tion|//address|//conferenceLocation|//party|//originator|//creator|//contact|//p ublisher|//editor|//recipient|//performer|//institution|//metadataProvider|//ass ociatedParty|//personnel|//physical|//connectionDefinition|//distribution|//rese archProject|//project|//relatedProject|//software|//spatialRaster|//spatialRefer ence|//spatialVector|//storedProcedure|//view|//protocol|//additionalMetadata : XML document structures must start and end within the same entity. Thankfully this time when I returned to edit the page all of my entries were still there. But, I was stuck and unable to complete the submittal of the metadata (since I didn’t know what the problem was).

  2. When entering the metadata in the file ‘/nceas-wg-metadata/decaf/aust- phenandphys-dataset.xml’, the software generated a ‘Failure’ screen and raised the following error: ‘error returning xpath: expression //dateTimeDomain. . .

    ../AdditionalMetatdata XML document structures must start and end with the same entity’. The error was fatal in that the metadata was not entered into the database. All required fields have been entered, and there are no visible errors in any of the data input fields when I saved the data. I have replicated this error four times over two days and have been so far unable to save this metadata to the repository. Note: I have traced this defect to placement of ‘<’,’>’, or ‘&’ character appearing in one of the following text entry field: Data Set Title, Organization Name, Abstract, and Geographic Description fields. Other free-text data fields may present the sampe problem.
mbjones commented 6 years ago

Original Redmine Comment Author Name: Saurabh Garg (Saurabh Garg) Original Date: 2004-02-12T22:57:59Z

From Rick's email:

Karl Cottenie created this metadata entry, which will display in the View(er) but not in the Edit(or). Opening up the Original XML file also fails, I think, due to an obscure alphanumeric character (the micron symbol). Karl is using a Linux based browser. I have tried both IE and Netscape, both of which fail on this.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Saurabh Garg (Saurabh Garg) Original Date: 2004-03-31T21:36:51Z

I think I fixed most of the cases. But then Marc Meyer reported to be having a problem. So I need to check again. Though the symptoms are different this time.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Andrea Andrea (Andrea Andrea) Original Date: 2004-12-07T22:58:26Z

I tested for part 2 of this bug on 12/7/04 and it is still present. The following illegal characters cause the indicated problems. Either the characters need to be acceptable by the registry, or there needs to be some explicit indication to the user that these specific characters are not allowed BEFORE they attempt to use them.

" typed in causes a failure and an error message that says "null". when you go back to edit, all the text after the " character is lost

" pasted in (from Word) makes the DR entry un-editable and un-deletable (unless you use Morpho), but it is still viewable

' typed in causes no problems

' pasted in makes the DR entry un-editable and un-deletable (unless you use Morpho), but it is still viewable

% always causes a failure, and an error message that says "null"

<, >, and $ cause no problems

mbjones commented 6 years ago

Original Redmine Comment Author Name: Saurabh Garg (Saurabh Garg) Original Date: 2004-12-16T12:39:46Z

Bug 1485 has been marked as a duplicate of this bug.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Saurabh Garg (Saurabh Garg) Original Date: 2004-12-21T23:06:01Z

Made changes to take care of %. Not able to reproduce ' or " problems. Maybe % changes took care of it. Andrea, can you please check again to confirm. Thanks.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Saurabh Garg (Saurabh Garg) Original Date: 2005-01-07T23:04:16Z

Not able to reproduce after the fix. Hence, closing the bug.

mbjones commented 6 years ago

Original Redmine Comment Author Name: Redmine Admin (Redmine Admin) Original Date: 2013-03-27T21:16:51Z

Original Bugzilla ID was 1323