Web API 'criteria' fails to recognize parameters with special characters

Support - Assistance technique
1

I have been trying to return a record whose id has a dash (i.e. …/api/sqlViews/…/data.json?criteria=id:234-567); however the web API fails to recognize the parameter.

Is there a workaround for this or there is a bug in the system?

regards,

···

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752

kasozis@gmail.com | skasozi@pheoc.go.ug | Skype: sam.kasoziug

2

Sam, may be try encoding the URL ...

Try reading about urlencode ... For an appropriate language

Which language are you using?

···

Sent from my BlackBerry® smartphone provided by Airtel Uganda.

-----Original Message-----
From: Sam Kasozi <kasozis@gmail.com>
Sender: "Dhis2-users"
<dhis2-users-bounces+stephocay=gmail.com@lists.launchpad.net>Date: Sun, 2 Nov 2014 17:14:58
To: dhis2-users@lists.launchpad.net<dhis2-users@lists.launchpad.net>
Subject: [Dhis2-users] Web API 'criteria' fails to recognize parameters with
  special characters

_______________________________________________
Mailing list: DHIS 2 Users in Launchpad
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : DHIS 2 Users in Launchpad
More help : ListHelp - Launchpad Help

3

Hi Stephen,

That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.

···

On Sun, Nov 2, 2014 at 5:29 PM, stephocay@gmail.com wrote:

Sam, may be try encoding the URL …

Try reading about urlencode … For an appropriate language

Which language are you using?

Sent from my BlackBerry® smartphone provided by Airtel Uganda.

-----Original Message-----

From: Sam Kasozi kasozis@gmail.com

Sender: “Dhis2-users”

dhis2-users-bounces+stephocay=gmail.com@lists.launchpad.netDate: Sun, 2 Nov 2014 17:14:58

To: dhis2-users@lists.launchpad.netdhis2-users@lists.launchpad.net

Subject: [Dhis2-users] Web API ‘criteria’ fails to recognize parameters with

    special characters

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752

kasozis@gmail.com | skasozi@pheoc.go.ug | Skype: sam.kasoziug

4

Hey Sam,

this is not documented, but we only accept a-z 0-9 / alphanumerical characters + space for criteria filters and values. This is a security measure to avoid SQL injection and other spooky stuff (think about someone passing a drop table sql statement as a value). I think we can improve this by coming up with a character white-list including dash. Input appreciated.

Lars

···

On Sun, Nov 2, 2014 at 10:03 AM, Sam Kasozi kasozis@gmail.com wrote:

Hi Stephen,

That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752

kasozis@gmail.com | skasozi@pheoc.go.ug | Skype: sam.kasoziug

On Sun, Nov 2, 2014 at 5:29 PM, stephocay@gmail.com wrote:

Sam, may be try encoding the URL …

Try reading about urlencode … For an appropriate language

Which language are you using?

Sent from my BlackBerry® smartphone provided by Airtel Uganda.

-----Original Message-----

From: Sam Kasozi kasozis@gmail.com

Sender: “Dhis2-users”

dhis2-users-bounces+stephocay=gmail.com@lists.launchpad.netDate: Sun, 2 Nov 2014 17:14:58

To: dhis2-users@lists.launchpad.netdhis2-users@lists.launchpad.net

Subject: [Dhis2-users] Web API ‘criteria’ fails to recognize parameters with

    special characters

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

5

That makes sense then.

Thanks

···

On Sun, Nov 2, 2014 at 6:13 PM, Lars Helge Øverland larshelge@gmail.com wrote:

Hey Sam,

this is not documented, but we only accept a-z 0-9 / alphanumerical characters + space for criteria filters and values. This is a security measure to avoid SQL injection and other spooky stuff (think about someone passing a drop table sql statement as a value). I think we can improve this by coming up with a character white-list including dash. Input appreciated.

Lars

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752

kasozis@gmail.com | skasozi@pheoc.go.ug | Skype: sam.kasoziug

On Sun, Nov 2, 2014 at 10:03 AM, Sam Kasozi kasozis@gmail.com wrote:

Hi Stephen,

That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp

Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752

kasozis@gmail.com | skasozi@pheoc.go.ug | Skype: sam.kasoziug

On Sun, Nov 2, 2014 at 5:29 PM, stephocay@gmail.com wrote:

Sam, may be try encoding the URL …

Try reading about urlencode … For an appropriate language

Which language are you using?

Sent from my BlackBerry® smartphone provided by Airtel Uganda.

-----Original Message-----

From: Sam Kasozi kasozis@gmail.com

Sender: “Dhis2-users”

dhis2-users-bounces+stephocay=gmail.com@lists.launchpad.netDate: Sun, 2 Nov 2014 17:14:58

To: dhis2-users@lists.launchpad.netdhis2-users@lists.launchpad.net

Subject: [Dhis2-users] Web API ‘criteria’ fails to recognize parameters with

    special characters

Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp