Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #38139 Back to Issue ]
Summary 0038139: POSLoginHandler.getDefaults is not using bind-parameters
Revision 2018-03-14 14:33 by shuehner
Description This code should use bind-params:

      OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
          OBPOSApplications.class,
          "where searchKey = '" + terminalSearchKey + "'" + " and ((ad_isorgincluded("
              + "(select organization from ADUser where id='" + userId + "')"
              + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, "
              + "(select organization from ADUser where id='" + userId + "')"
              + ", client.id) <> -1)) ");

      // Terminal access will be checked to ensure that the user has access to the terminal
      OBQuery<TerminalAccess> accessCrit = OBDal.getInstance().createQuery(TerminalAccess.class,
          "where userContact.id='" + userId + "'");
Revision 2018-03-14 13:35 by shuehner
Description This code should use bind-params:

      OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
          OBPOSApplications.class,
          "where searchKey = '" + terminalSearchKey + "'" + " and ((ad_isorgincluded("
              + "(select organization from ADUser where id='" + userId + "')"
              + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, "
              + "(select organization from ADUser where id='" + userId + "')"
              + ", client.id) <> -1)) ");


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker