502 views

Description

When trying to add an item to a rota from the On-Call Calendars module, the "&" character is not properly escaped, which prevents users from adding specific entries to a rota. (Affected UI page: /sys_ui_page.do?sys_id=8df6dfc3c0a801650077c7b194df3e6d)

Steps to Reproduce

 

  1. Create a valid rota using a group with an ampersand (&) in its name.
  2. Navigate to the On-Call Calendars module.
  3. Select that aforementioned group from the drop-down picker to view their rotation schedule.
  4. Click a blank space inside of the rendered calendar as if you were going to create a custom entry. The error message "The entity name must immediately follow the '&' in the entity reference" should appear right away.
  5. Click the gaps in between the calendar items as if you were going to create a customer entry for that schedule. Note that you also get the same error message as above.

Workaround

Replace the rotaGR.name with rotaGR.name.getHTMLValue() in the HTML field of the affected UI page (mentioned in the problem description). Here is what that snippet should look like when corrected:

      <tr>
         <td>
            <div id="div_roster" style="display:${jvar_roster_display}">
               <g:ui_spacer pixels="20" />
               Rota:<g:ui_spacer />
               <select id="select_roster">
                  <g:evaluate jelly="true">
                     var rotaGR = new GlideRecord("cmn_rota");
                     rotaGR.addQuery("group", jelly.jvar_group);
                     rotaGR.orderBy("name");
                     rotaGR.query();
                  </g:evaluate>
                  
                  <j:while test="${rotaGR.next()}">
                     <g:ui_select_option value="${rotaGR.sys_id}" text="${rotaGR.name.getHTMLValue()}" selected_value="${sysparm_roster}" /> 
              </j:while>
               </select>
            </div>
         </td>
      </tr>

This applies for the Covering on drop-down as well. In the same UI page:

  1. Change the line:

    <option value="${grr.sys_id}">${grr.name} (${grr.rota.name})</option>

    to:

    <option value="${grr.sys_id}">${grr.name.getHTMLValue()} (${grr.rota.name.getHTMLValue()})</option>

  2. Change the line:

    <option value="R:${grr.sys_id}">${grr.name}</option>

    to:

    <option value="R:${grr.sys_id}">${grr.name.getHTMLValue()}</option>

Related Problem: PRB585048

Seen In

Berlin Patch 5 Hot Fix 1

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2015-12-18 10:59:50
Published:2015-12-18