Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0028088Retail ModulesWeb POSpublic2014-11-05 11:192014-11-17 15:31
Reporteregoitz 
Assigned Toszapata 
PriorityimmediateSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionRR15Q1Fixed in VersionRR15Q1 
Merge Request Status
Review Assigned Tomtaal
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0028088: Errors on the PaidReceiptsHeader when filtering using some characters on the ticket selector on the webpos
DescriptionWhen filtering on the ticket selector on the posterminal using for example a ' at the enf of a string an error is raised on the org/openbravo/retail/posterminal/PaidReceiptsHeader.java file



This is because the filter inputs json.getString("filterText") at PaidReceiptsHeader.java are not sanitized

Steps To Reproduce- Log in in Web POS.
- Go to Menu > Receipts
- Filter the documentno with a ' at the end for example 100086'.
- An error occurs.


3cb725a7 2014-11-01 10:37:57,795 [TP-Processor36] ERROR org.openbravo.mobile.core.process.ProcessHQLQuery - Error when generating query
org.hibernate.QueryException: expecting ''', found '<EOF>' [select ord.id as id, ord.documentNo as documentNo, ord.orderDate as orderDate, ord.businessPartner.name as
businessPartner, ord.grandTotalAmount as totalamount, ord.documentType.id as documentTypeId, 'false' as isLayaway from Order as ord where
ord.client='3AFE04DCE6EE4C5A9912EDFF5517C3A7' and ord.organization='3C0F8E1BD0694E719E55C0A5DEB0AC46' and ord.obposApplications is not null and
(ord.documentNo like '%100086'%' or REPLACE(ord.documentNo, '/', '') like '%100086'%' or upper(ord.businessPartner.name) like upper('%100086'%')) and (
ord.documentType.id='511A9371A0F74195AA3F6D66C722729D' or ord.documentType.id='B0745E66713C49199CE719BF5B88AF5C' ) and ((select
count(deliveredQuantity) from ord.orderLineList where deliveredQuantity != 0) > 0 and (select count(orderedQuantity) from ord.orderLineList where orderedQuantity > 0) >
0) order by ord.orderDate desc, ord.documentNo desc]
at org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:229)
at org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:136)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:101)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:80)
at org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:124)
at org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:156)
at org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:135)
at org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1770)
at org.openbravo.mobile.core.process.ProcessHQLQuery.exec(ProcessHQLQuery.java:70)
at org.openbravo.mobile.core.process.SecuredJSONProcess.secureExec(SecuredJSONProcess.java:39)
at org.openbravo.mobile.core.process.MobileService.execClassName(MobileService.java:154)
at org.openbravo.mobile.core.process.MobileService.doGetOrPost(MobileService.java:77)
at org.openbravo.mobile.core.process.MobileService.doPost(MobileService.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:445)
at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:87)
at org.openbravo.mobile.core.process.WebServiceAuthenticatedServlet.service(WebServiceAuthenticatedServlet.java:52)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
causes defect 0030261 closed jorge-garcia receipts search in WEB POS does not work with the char - 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2014-11-05 11:19egoitzNew Issue
2014-11-05 11:19egoitzAssigned To => marvintm
2014-11-05 11:19egoitzResolution time => 1415314800
2014-11-05 11:19egoitzTriggers an Emergency Pack => No
2014-11-05 11:21egoitzTarget Version => RR15Q1
2014-11-05 17:35mtaalAssigned Tomarvintm => szapata
2014-11-07 03:31hgbotCheckin
2014-11-07 03:31hgbotNote Added: 0071477
2014-11-07 03:31hgbotStatusnew => resolved
2014-11-07 03:31hgbotResolutionopen => fixed
2014-11-07 03:31hgbotFixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980 [^]
2014-11-07 03:31hgbotCheckin
2014-11-07 03:31hgbotNote Added: 0071478
2014-11-07 03:31hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/9b8a8c54fe38ce2962f238261647143631f9c126 [^]
2014-11-17 01:08hgbotCheckin
2014-11-17 01:08hgbotNote Added: 0071679
2014-11-17 13:24szapataNote Added: 0071702
2014-11-17 15:31mtaalReview Assigned To => mtaal
2014-11-17 15:31mtaalNote Added: 0071709
2014-11-17 15:31mtaalStatusresolved => closed
2014-11-17 15:31mtaalFixed in Version => RR15Q1
2015-06-29 13:58dmitry_mezentsevRelationship addedcauses 0030261

Notes
(0071477)
hgbot   
2014-11-07 03:31   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 5926364e251afa3edc07fa817965ed43dfcc1980
Author: Salvador Zapata <salvador.zapata <at> gmail.com>
Date: Thu Nov 06 19:40:41 2014 -0300
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980 [^]

Fixed issue 28088: Replaced ' chars in the filtered text

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071478)
hgbot   
2014-11-07 03:31   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 9b8a8c54fe38ce2962f238261647143631f9c126
Author: Salvador Zapata <salvador.zapata <at> gmail.com>
Date: Thu Nov 06 19:45:03 2014 -0300
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/9b8a8c54fe38ce2962f238261647143631f9c126 [^]

Fixed issue 28088: Replaced ' chars in the filtered text. out of core

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071679)
hgbot   
2014-11-17 01:08   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 6d4f21740e172822bea1a301a346a4c6fd69fd84
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Nov 17 01:08:20 2014 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6d4f21740e172822bea1a301a346a4c6fd69fd84 [^]

Related to issue 28088: Errors on the PaidReceiptsHeader when filtering using some characters on the ticket selector on the webpos
Sanitizing on one additional usage of filterText json property added.

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071702)
szapata   
2014-11-17 13:24   
Reviewed Martin's last commit.
(0071709)
mtaal   
2014-11-17 15:31   
Reviewed and tested