From b304d9d8df695949a70b858bf51b5e2be1061704 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Mon, 28 May 2018 09:22:40 +0200
Subject: [PATCH] OO-3526: better validation of inputs in the correction
 workflow

---
 ...ctionIdentityAssessmentItemController.java | 23 ++++++++++++++-----
 ...rectionIdentityInteractionsController.java | 10 +++++---
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityAssessmentItemController.java b/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityAssessmentItemController.java
index ec5597a015b..57aec451872 100644
--- a/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityAssessmentItemController.java
+++ b/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityAssessmentItemController.java
@@ -159,6 +159,13 @@ public class CorrectionIdentityAssessmentItemController extends FormBasicControl
 	protected void doDispose() {
 		//
 	}
+	
+	@Override
+	protected boolean validateFormLogic(UserRequest ureq) {
+		boolean allOk = super.validateFormLogic(ureq);
+		allOk &= identityInteractionsCtrl.validateFormLogic(ureq);
+		return allOk;
+	}
 
 	@Override
 	protected void formOK(UserRequest ureq) {
@@ -175,13 +182,17 @@ public class CorrectionIdentityAssessmentItemController extends FormBasicControl
 	@Override
 	protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
 		if(saveNextQuestionButton == source) {
-			doSave();
-			fireEvent(ureq, Event.CHANGED_EVENT);
-			fireEvent(ureq, new NextAssessmentItemEvent());
+			if(identityInteractionsCtrl.validateFormLogic(ureq)) {
+				doSave();
+				fireEvent(ureq, Event.CHANGED_EVENT);
+				fireEvent(ureq, new NextAssessmentItemEvent());
+			}
 		} else if(saveBackOverviewButton == source) {
-			doSave();
-			fireEvent(ureq, Event.CHANGED_EVENT);
-			fireEvent(ureq, Event.BACK_EVENT);
+			if(identityInteractionsCtrl.validateFormLogic(ureq)) {
+				doSave();
+				fireEvent(ureq, Event.CHANGED_EVENT);
+				fireEvent(ureq, Event.BACK_EVENT);
+			}
 		} else {
 			super.formInnerEvent(ureq, source, event);
 		}
diff --git a/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityInteractionsController.java b/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityInteractionsController.java
index a270269ddea..ac99e740e34 100644
--- a/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityInteractionsController.java
+++ b/src/main/java/org/olat/ims/qti21/ui/assessment/CorrectionIdentityInteractionsController.java
@@ -374,10 +374,13 @@ public class CorrectionIdentityInteractionsController extends FormBasicControlle
 		
 		el.clearError();
 		if(StringHelper.containsNonWhitespace(el.getValue())) {
-			Double minScore = QtiNodesExtractor.extractMinScore(assessmentItem);
-			Double maxScore = QtiNodesExtractor.extractMaxScore(assessmentItem);
-			
 			try {
+				// check with the parse algorithm of BigDecimal first
+				new BigDecimal(el.getValue()).doubleValue();
+
+				Double minScore = QtiNodesExtractor.extractMinScore(assessmentItem);
+				Double maxScore = QtiNodesExtractor.extractMaxScore(assessmentItem);
+					
 				double score = parseDouble(el);
 				boolean boundariesOk = true;
 				if(minScore != null && score < minScore.doubleValue()) {
@@ -394,6 +397,7 @@ public class CorrectionIdentityInteractionsController extends FormBasicControlle
 				}
 				allOk &= boundariesOk;
 			} catch (NumberFormatException e) {
+				logWarn("Cannot parse the score: " + el.getValue(), null);
 				el.setErrorKey("error.double.format", null);
 				allOk &= false;
 			}
-- 
GitLab