Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
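ID: 0038136 | Project: Openbravo ERP | Category: Z. Others | View Status: public | Date Submitted: 2018-03-14 13:00 | Last Update: 2022-02-01 08:07
Reporter: shuehner
Assigned To: Triage Platform Base
Priority: normal | Severity: minor | Reproducibility: have not tried
Status: acknowledged | Resolution: open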
5
 
 
Modules: Core
Triggers an Emergency Pack: No
0038136: Tracking issue: Find & Fix queries not using bind-params but embedding values into query string
Queries should separate query text from data values, which is done using bind-parameters.

That is important for 3 reasons:
a.) Avoid SQL/HQL injections
b.) Not have 'different SQL text' for same query but different values
b.1) To efficiently utilize Hibernate cache
b.2) Inefficient use of Oracle query cache, as not using bind variables makes the 'same query' show up many times with different query cache.

This issue is to link the various individual issues to fix the concrete cases found.
-
Tags: Performance
related to feature request 0037641 closed AugustoMauch Openbravo ERP Make the max size of Hibernate's HqlQueryPlan cache configurable 
related to design defect 0041287 acknowledged Triage Platform Base Openbravo ERP Tracking issue: Convert HQL to apply new style 
depends on defect 0038133 closed Sandrahuguet Retail Modules AddPack.java has query which is not using bind-parameters 
depends on defect 0038135 closed shuehner Openbravo ERP OBContext.getOrganizationList is not using bind-parameters 
depends on defect 0038137 closed shuehner Openbravo ERP EntityAccessChecker.initialize is not using bind-variables 
depends on defect 0038138 closed Sandrahuguet Retail Modules LoginUtilsServlet.getUserImages is not using bind-variables 
depends on defect 0038139 closed Sandrahuguet Retail Modules POSLoginHandler.getDefaults is not using bind-parameters 
depends on defect 0038140 closed Sandrahuguet Retail Modules MobileServerController.readCentralServer is not using bind-parameters 
depends on defect 0038141 closed Sandrahuguet Openbravo ERP FIN_Utility.getDocumentType is not using bind-variables 
depends on defect 0038142 new Triage Omni OMS Openbravo ERP pl-function ad_get_doc_le_bu is not using bind-parameters 
depends on defect 0038145 closed Sandrahuguet Retail Modules org.openbravo.retail.posterminal.term.Warehouses (posterminal + mobile.procurement module) don't use bind-variables 
depends on defect 0038146 closed shuehner Openbravo ERP OBQuery when auto-adding client+org filter is not using bind-variables 
depends on feature request 0038199 new Triage Platform Base Openbravo ERP SqlC generated code should be able to use bind-variables for list of values (i.e. ad_client_id, ad_org_id) filters 
depends on defect 0038200 new Triage Omni OMS Openbravo ERP DefaultValuesData.select (NOT xsql-generated) is not using bind-params for ad_client_id + ad_org_id filters 
depends on defect 0038941 acknowledged Triage Platform Base Openbravo ERP use bind-parameters in TextInterfacesData 
depends on defect 0038948 acknowledged Triage Platform Base Openbravo ERP use bind-parameters in DefaultOptionsData.getDefaultWarehouse 
depends on defect 0038950 closed alostale Openbravo ERP use bind-parameters in Preferences.java 
depends on defect 0040358 closed alostale Openbravo ERP use bind-parameters in ImportEntryManager 
depends on defect 0040522 closed nonofrancisco Openbravo ERP use bind-parameters in FIN_BankStatementImport 
depends on defect 0040559 closed nonofrancisco Openbravo ERP SL_TaxCategory_Org.execute is not using bind-parameters 
depends on defect 0040560 closed nonofrancisco Openbravo ERP AcctServer.isConveritble is not using bind-parameters 
depends on defect 0040523 closed nonofrancisco Openbravo ERP use bind-parameters in FactLine 
depends on defect 0040562 closed alostale Openbravo ERP HelpWindow.generateWindow is not using bind-variables 
depends on defect 0040564 closed alostale Openbravo ERP MyOpenbravoActionHandler.processWidgets is not using bind-variables 
depends on defect 0040565 closed alostale Openbravo ERP SelectorFieldPropertyCallout.execute is not using bind-variables 
depends on defect 0040568 RR19Q3 closed ranjith_qualiantech_com Retail Modules RolePermissions.getPrefList is not using bind-parameters
depends on defect 0040569 RR19Q3 closed ranjith_qualiantech_com Retail Modules LabelsComponent.(getLabels+getLists) are not using bind-parameters
depends on defect 0040570 RR19Q3 closed jarmendariz Retail Modules MobileServercontroller.isThereACentralServerDefined is not using bind-parameters
depends on defect 0040571 RR19Q3 closed jarmendariz Retail Modules ServerStateBackground.getServerstoSendPing is not using bind-parameters
depends on defect 0040572 RR19Q3 closed ranjith_qualiantech_com Retail Modules LoginUtilsServlet.preLogin is not using bind-parameters
depends on defect 0040573 RR19Q3 closed ranjith_qualiantech_com Retail Modules POSUtils.hasCurrencyRate is not using bind-parameters
depends on defect 0040574 3.0PR19Q3 closed nonofrancisco Openbravo ERP SequenceProductCreate.getLineNum is not using bind-parameters
depends on defect 0040578 closed alostale Openbravo ERP Utility.getListValueName is not using bind-parameters 
depends on defect 0040579 closed Triage Omni OMS Openbravo ERP ResetAccounting.hasProcessing is not using bind-parameters 
depends on defect 0040580 closed alostale Openbravo ERP AlertActionHandler.countActiveAlerts is not using bind-parameters 
depends on defect 0040581 RR19Q3 closed jarmendariz Retail Modules SynchronizedServerProcessCaller.thereIsDataInImportQueue is not using bind-parameters
depends on defect 0040583 closed ranjith_qualiantech_com Retail Modules POSUtils.getPriceListVersionForPriceList is not using bind-parameters 
depends on defect 0040584 closed ranjith_qualiantech_com Retail Modules CashUpReport.doPost is not using bind-parameters 
depends on defect 0040585 RR19Q3 closed ranjith_qualiantech_com Retail Modules SerializedByTermImportEntryProcessorRunnable.countEntries is not using bind-parameters
depends on defect 0040588 RR19Q3 closed jarmendariz Retail Modules MobileServerRequestExecutor.executeRequest is not using bind-parameters
depends on defect 0040589 RR19Q3 closed ranjith_qualiantech_com Retail Modules POrderLoaderEntryProcessor.countEntries is not using bind-parameters & should be reviewed if not generic super.countEntries
depends on defect 0040590 RR19Q3 closed ranjith_qualiantech_com Retail Modules SetBusinessDateEntryProcessor.countEntries does not use bind-parameters, probably could be removed for super.countEntries
depends on design defect 0040591 closed alostale Openbravo ERP deprecate OBDal getReadableClientsInClause and getReadableOrganizationsInClause 
depends on defect 0036239 closed collazoandy4 Openbravo ERP Security problem in Create Budget Reports in Excel report 
depends on defect 0041198 closed collazoandy4 Localization Pack: Spain OBMTR30InvoiceTaxReportDao is not using bind-param. 
depends on defect 0041199 3.0PR19Q4 closed collazoandy4 Openbravo ERP PaymentReportDao is not using bind-param
depends on defect 0041231 3.0PR19Q4 closed collazoandy4 Openbravo ERP Reconciliation is not using bind-params
depends on defect 0041232 3.0PR19Q4 closed collazoandy4 Openbravo ERP AdvPaymentMngtDao is not using bind-params
depends on defect 0041233 3.0PR19Q4 closed collazoandy4 Openbravo ERP MatchTransactionDao.getUnmatchedBankStatementLines
depends on defect 0041234 3.0PR19Q4 closed collazoandy4 Openbravo ERP TransactionsDao.getCurrentlyClearedAmt is not using bind-param
depends on defect 0041235 3.0PR19Q4 closed collazoandy4 Openbravo ERP FIN_AddPaymentFromJournalLine.doExecute is not using bind-params
depends on defect 0041236 3.0PR19Q4 closed collazoandy4 Openbravo ERP RecordID2Filling.getBPAccountList is not using bind-params
depends on defect 0041237 3.0PR19Q4 closed collazoandy4 Openbravo ERP FIN_BankstatementImport is not using bind-params
depends on defect 0041238 3.0PR19Q4 closed collazoandy4 Openbravo ERP FIN_Utility.{isPeriodOpen,isReversePayment,getOrderedPaymentDetailList) are not using bind-params
depends on defect 0041239 3.0PR19Q4 closed alostale Openbravo ERP ADTreeDatasourceService.{getNodeChildenQuery,nodeHasChildren, nodeConformsToWhereClause) are not using bind-params
depends on defect 0041240 3.0PR19Q4 closed collazoandy4 Openbravo ERP AcctServer.{getAccountDBpartner, disableDocumentConfirmation} are not using bind-params
depends on defect 0041242 3.0PR19Q4 closed collazoandy4 Openbravo ERP DocFINBankStatement.createFact is not using bind-params
depends on defect 0041243 3.0PR19Q4 closed collazoandy4 Openbravo ERP DocFINFinAccTransaction.createFact is not using bind-params
depends on defect 0041244 3.0PR19Q4 closed collazoandy4 Openbravo ERP DocFINPayment.createFact is not using bind-params
depends on defect 0041245 3.0PR19Q4 closed collazoandy4 Openbravo ERP DocFINReconciliation.createFact is not using bind-params
depends on defect 0041251 3.0PR19Q4 closed collazoandy4 Openbravo ERP UpdateActuals.doExecute is not using bind-params
depends on defect 0041252 3.0PR19Q4 closed collazoandy4 Openbravo ERP ReportGeneralLedgerJournal.getDocuments is not using bind-params
depends on defect 0041253 3.0PR19Q4 closed AtulOpenbravo Openbravo ERP ReportProjectProfitabilityJR.noConversionToHours is not using bind-params
depends on defect 0041257 3.0PR19Q4 closed collazoandy4 Openbravo ERP InitialSetupUtility.{getCOAModules,getRDModules} are not using bind-parameters
depends on defect 0041273 RR19Q4 closed ranjith_qualiantech_com Retail Modules IncludeAllProducts.execute is not using bind-params
depends on defect 0041274 RR19Q4 closed gorka_gil Retail Modules PaidReceipts.checkOrderInErrorEntry is not using bind-params
depends on defect 0041278 3.0PR19Q4 closed Triage Omni WMS Openbravo ERP CostingBackground.doExecute is not using bind-params
depends on defect 0041280 closed collazoandy4 Localization Pack: Spain AEAT347ReportAPRDao is not using bind-params 
depends on defect 0041281 closed collazoandy4 Localization Pack: Spain AEAT3492010ReportDao is not using bind-params 
depends on defect 0041284 closed collazoandy4 Localization Pack: Spain AEAT390ReportDao and AEAT390CashVATReadyDao are not using bind-params 
depends on defect 0041289 3.0PR19Q4 closed alostale Openbravo ERP TreeUtility is not using bind-params
depends on defect 0051591 closed francisco_ofarril Modules NotPostedDocumentsDataSource.getFilteredDocumentTypes(String, int, int) is not using bind-parameters 
depends on defect 0051592 closed shuehner Modules Module: org.openbravo.financial.invoicetaxreport File: InvoiceTaxUtility not using bind-parameters 
depends on defect 0051593 closed shuehner Modules InvoicePaymentUtility is not using bind-parameters 
depends on defect 0051594 closed francisco_ofarril Modules Several files in org.openbravo.module.remittance are not using bind-params and are not following HQL-style 
depends on defect 0051596 closed shuehner Modules org.openbravo.module.intrastat some files are not using bind-param nor following HQL-style 
depends on defect 0051618 closed shuehner Modules Module org.openbravo.module.facturae, some code is not using bind-params (and not following hql style) 
depends on defect 0051647 closed shuehner Modules InvoiceMatchingAlgorithm is not following HQL style 
depends on defect 0051676 closed shuehner Modules Query in MassInvoicing is not using bind-params 
related to defect 0041711 closed collazoandy4 Openbravo ERP Subquery in getDocumentNo in ReportGeneralLedgerJournal is not using bind-params 
related to defect 0045425 closed cberner Openbravo ERP ParametersActionHandler.onSave is not embedding parameters using OBCriteria 
related to defect 0045435 new cberner Openbravo ERP AttachmentUtils class is appending parameters to hql statement wrongly 
related to defect 0045436 new cberner Openbravo ERP JsonToDataConverter is appending parameters to hql query wrongly 
related to defect 0045437 closed cberner Openbravo ERP BaseOBObject appends parameters in hql query wrongly 
related to defect 0045513 closed cberner Openbravo ERP FIN_BankStatementImport class should use OBCriteria instead of string building 
Not all the children of this issue are yet resolved or closed.
Issue History
2018-03-14 13:00 shuehner New Issue
2018-03-14 13:00 shuehner Assigned To => platform
2018-03-14 13:00 shuehner Modules => Core
2018-03-14 13:00 shuehner Triggers an Emergency Pack => No
2018-03-14 13:03 shuehner Relationship added depends on 0038133
2018-03-14 13:04 shuehner Relationship added depends on 0038135
2018-03-14 13:13 shuehner Relationship added depends on 0038137
2018-03-14 13:24 shuehner Relationship added depends on 0038138
2018-03-14 13:36 shuehner Relationship added depends on 0038139
2018-03-14 13:49 shuehner Relationship added depends on 0038140
2018-03-14 15:09 shuehner Relationship added depends on 0038141
2018-03-14 15:24 shuehner Relationship added depends on 0038142
2018-03-14 16:15 shuehner Relationship added depends on 0038145
2018-03-14 16:26 shuehner Description Updated bug_revision_view_page.php?rev_id=16839#r16839
2018-03-14 17:22 shuehner Relationship added depends on 0038146
2018-03-16 08:59 alostale Status new => acknowledged
2018-03-16 08:59 alostale Tag Attached: Performance
2018-03-16 10:01 alostale Relationship added related to 0037641
2018-03-22 15:41 shuehner Relationship added depends on 0038199
2018-03-22 15:44 shuehner Relationship added depends on 0038200
2018-06-15 11:38 alostale Type defect => design defect
2018-07-12 14:49 shuehner Relationship added depends on 0038941
2018-07-13 11:56 alostale Relationship added depends on 0038948
2018-07-13 12:15 alostale Relationship added depends on 0038950
2019-03-12 11:45 alostale Relationship added depends on 0040358
2019-04-04 13:27 alostale Relationship added depends on 0040522
2019-04-09 20:30 shuehner Relationship added depends on 0040559
2019-04-09 20:32 shuehner Relationship added depends on 0040560
2019-04-09 20:56 shuehner Relationship added depends on 0040523
2019-04-09 21:01 shuehner Relationship added depends on 0040562
2019-04-09 21:05 shuehner Relationship added depends on 0040564
2019-04-09 21:08 shuehner Relationship added depends on 0040565
2019-04-10 11:13 shuehner Relationship added depends on 0040568
2019-04-10 11:17 shuehner Relationship added depends on 0040569
2019-04-10 11:23 shuehner Relationship added depends on 0040570
2019-04-10 11:25 shuehner Relationship added depends on 0040571
2019-04-10 11:28 shuehner Relationship added depends on 0040572
2019-04-10 11:30 shuehner Relationship added depends on 0040573
2019-04-10 11:41 shuehner Relationship added depends on 0040574
2019-04-10 12:32 shuehner Relationship added depends on 0040578
2019-04-10 12:36 shuehner Relationship added depends on 0040579
2019-04-10 12:38 shuehner Relationship added depends on 0040580
2019-04-10 12:42 shuehner Relationship added depends on 0040581
2019-04-10 12:47 shuehner Relationship added depends on 0040583
2019-04-10 12:53 shuehner Relationship added depends on 0040584
2019-04-10 12:56 shuehner Relationship added depends on 0040585
2019-04-10 17:36 shuehner Relationship added depends on 0040588
2019-04-10 17:57 shuehner Relationship added depends on 0040589
2019-04-10 19:25 shuehner Relationship added depends on 0040590
2019-04-11 09:45 alostale Relationship added depends on 0040591
2019-06-11 09:09 alostale Relationship added depends on 0036239
2019-06-27 18:06 shuehner Relationship added depends on 0041198
2019-07-02 15:39 shuehner Relationship added depends on 0041199
2019-07-02 15:41 shuehner Relationship added depends on 0041231
2019-07-02 15:43 shuehner Relationship added depends on 0041232
2019-07-02 15:46 shuehner Relationship added depends on 0041233
2019-07-02 15:47 shuehner Relationship added depends on 0041234
2019-07-02 15:49 shuehner Relationship added depends on 0041235
2019-07-02 15:51 shuehner Relationship added depends on 0041236
2019-07-02 15:54 shuehner Relationship added depends on 0041237
2019-07-02 15:58 shuehner Relationship added depends on 0041238
2019-07-02 16:02 shuehner Relationship added depends on 0041239
2019-07-02 16:20 shuehner Relationship added depends on 0041240
2019-07-02 16:23 shuehner Relationship added depends on 0041242
2019-07-02 16:25 shuehner Relationship added depends on 0041243
2019-07-02 16:26 shuehner Relationship added depends on 0041244
2019-07-02 16:28 shuehner Relationship added depends on 0041245
2019-07-03 16:46 shuehner Relationship added depends on 0041251
2019-07-03 16:49 shuehner Relationship added depends on 0041252
2019-07-03 16:52 shuehner Relationship added depends on 0041253
2019-07-03 16:57 shuehner Relationship added depends on 0041257
2019-07-04 12:18 shuehner Relationship added depends on 0041273
2019-07-04 12:27 shuehner Relationship added depends on 0041274
2019-07-04 12:38 shuehner Relationship added depends on 0041278
2019-07-04 12:57 shuehner Relationship added depends on 0041280
2019-07-04 13:36 shuehner Relationship added depends on 0041281
2019-07-04 14:03 shuehner Relationship added depends on 0041284
2019-07-04 18:25 shuehner Relationship added depends on 0041289
2019-07-09 09:53 alostale Relationship added related to 0041287
2019-08-28 13:35 Sandrahuguet Relationship added related to 0041711
2020-11-11 14:22 cberner Relationship added related to 0045425
2020-11-12 13:54 cberner Relationship added related to 0045435
2020-11-12 15:29 cberner Relationship added related to 0045436
2020-11-12 16:01 cberner Relationship added related to 0045437
2020-11-25 18:17 cberner Relationship added related to 0045513
2022-02-01 08:07 alostale Assigned To platform => Triage Platform Base
2023-02-14 12:27 shuehner Relationship added depends on 0051591
2023-02-14 12:46 shuehner Relationship added depends on 0051592
2023-02-14 13:10 shuehner Relationship added depends on 0051593
2023-02-14 13:31 shuehner Relationship added depends on 0051594
2023-02-14 13:53 shuehner Relationship added depends on 0051596
2023-02-15 16:45 shuehner Relationship added depends on 0051618
2023-02-20 14:35 shuehner Relationship added depends on 0051647
2023-02-22 15:30 shuehner Relationship added depends on 0051676

There are no notes attached to this issue.