[jira] [Updated] (CXF-4507) bug in SchemaJavascriptBuilder while deserializing

[Kayvan Arianpour (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CXF-4507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kayvan Arianpour updated CXF-4507:
----------------------------------

    Labels: javascript  (was: security)
    
> bug in SchemaJavascriptBuilder while deserializing
> --------------------------------------------------
>
>                 Key: CXF-4507
>                 URL: https://issues.apache.org/jira/browse/CXF-4507
>             Project: CXF
>          Issue Type: Bug
>          Components: JavaScript Client
>    Affects Versions: 2.6.2
>         Environment: FireFox
>            Reporter: Kayvan Arianpour
>            Priority: Critical
>              Labels: javascript
>   Original Estimate: 10m
>  Remaining Estimate: 10m
>
> SchemaJavascriptBuilder.java creates a JavaScript for a service, while 
> deserializing an array it uses a variable named "arrayItem" with no value on 
> definition.
> The Problem : if an item in the array is set to null on server, the 
> deserializer on client side set the item to the value set for the latest 
> value set.
> Here you can find the solution :
> SchemaJavascriptBuilder.java line 556 :
>             if (itemInfo.isArray()) {
>                 utils.appendLine("item = [];");
>                 utils.startDo();
>                 valueTarget = "arrayItem";
>                 utils.appendLine("var arrayItem;");//****************
>             }
> should be read as 
>             if (itemInfo.isArray()) {
>                 utils.appendLine("item = [];");
>                 utils.startDo();
>                 valueTarget = "arrayItem";
>                 utils.appendLine("var arrayItem = null;");//****************
>             }
> sample produced code : 
> function services_sal_ngs__rspPayCheque_deserialize (cxfjsutils, element) {
> ...
>      do  {
>       var arrayItem;//*******************************
>       var value = null;
>       if (!cxfjsutils.isElementNil(curElement)) {
>        value = cxfjsutils.getNodeText(curElement);
>        arrayItem = value;
>       }
>       item.push(arrayItem);
>       curElement = cxfjsutils.getNextElementSibling(curElement);
>      }
> ...
>     return newobject;
> }
> the corrected version should be :
> function services_sal_ngs__rspPayCheque_deserialize (cxfjsutils, element) {
> ...
>      do  {
>       var arrayItem = null;//*******************************
>       var value = null;
>       if (!cxfjsutils.isElementNil(curElement)) {
>        value = cxfjsutils.getNodeText(curElement);
>        arrayItem = value;
>       }
>       item.push(arrayItem);
>       curElement = cxfjsutils.getNextElementSibling(curElement);
>      }
> ...
>     return newobject;
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira