0038139: POSLoginHandler.getDefaults is not using bind-parameters

Openbravo Issue Tracking System - Retail Modules

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0038139

Retail Modules

Web POS

public

2018-03-14 13:35

2018-03-27 17:48

Reporter

shuehner

Assigned To

Sandrahuguet

Priority

normal

Severity

major

Reproducibility

have not tried

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

Target Version

Fixed in Version

RR18Q2

Merge Request Status

Review Assigned To

marvintm

OBNetwork customer

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0038139: POSLoginHandler.getDefaults is not using bind-parameters

Description

This code should use bind-params:

      OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
          OBPOSApplications.class,
          "where searchKey = '" + terminalSearchKey + "'" + " and ((ad_isorgincluded("
              + "(select organization from ADUser where id='" + userId + "')"
              + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, "
              + "(select organization from ADUser where id='" + userId + "')"
              + ", client.id) <> -1)) ");

      // Terminal access will be checked to ensure that the user has access to the terminal
      OBQuery<TerminalAccess> accessCrit = OBDal.getInstance().createQuery(TerminalAccess.class,
          "where userContact.id='" + userId + "'");

Steps To Reproduce

Proposed Solution

Additional Information