Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0038146Openbravo ERPA. Platformpublic2018-03-14 17:202018-05-09 19:29
Reportershuehner 
Assigned Toshuehner 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR18Q3 
Merge Request Status
Review Assigned Toalostale
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0038146: OBQuery when auto-adding client+org filter is not using bind-variables
DescriptionOBQuery class can automatically filter by readableClients & readableOrganizations.
The code doing that is not using bind-variables but embedding the list of values directly into the SQL/HQL string.

Steps To ReproduceCheck org.openbravo.util.db output of the following small java-snippet running query with OBCriteria (with limit 1) & OBQuery (with limit 2).

OBCriteria is adding client+org filter parameter while OBQuery is not.

    OBContext.setAdminMode();
    OBCriteria<Message> msgCrit = OBDal.getInstance().createCriteria(Message.class);
    msgCrit.setMaxResults(1);
    List<Message> msgs = msgCrit.list();

    OBQuery<Message> msgQry = OBDal.getInstance().createQuery(Message.class, "");
    msgQry.setMaxResult(2);
    List<Message> msg2 = msgQry.list();
    OBContext.restorePreviousMode();


89466 [http-bio-8080-exec-7] INFO org.openbravo.util.db.StatementInvocationHandler - executeQuery --- SQL:
select this_.AD_Message_ID as AD1_61_0_, this_.AD_Client_ID as AD2_61_0_, this_.AD_Org_ID as AD3_61_0_, this_.IsActive as IsActive61_0_, this_.Created as Created61_0_, this_.CreatedBy as CreatedBy61_0_, this_.Updated as Updated61_0_, this_.UpdatedBy as UpdatedBy61_0_, this_.Value as Value61_0_, this_.MsgText as MsgText61_0_, this_.MsgTip as MsgTip61_0_, this_.MsgType as MsgType61_0_, this_.AD_Module_ID as AD13_61_0_, this_.IsIncludeInI18N as IsInclu14_61_0_ from AD_Message this_ where this_.AD_Org_ID in (?, ?, ?, ?, ?, ?, ?, ?) and this_.AD_Client_ID in (?, ?) and this_.IsActive=? limit ?
  t:7
     $1: 0
     $2: E443A31992CB4635AFCAEABE7183CE85
     $3: B843C30461EA4501935CB1D125C9C25A
     $4: BAE22373FEBE4CCCA24517E23F0C8A48
     $5: DC206C91AA6A4897B44DA897936E0EC3
     $6: 19404EAD144C49A0AF37D54377CF452D
     $7: 2E60544D37534C0B89E765FE29BC0B43
     $8: 7BABA5FF80494CAFA54DEBD22EC46F01
     $9: 23C59575B9CF467C9620760EB255B389
     $10: 0
     $11: Y
     $12: 1
   org.openbravo.base.PoolInterceptor$PSInvokationHandler.invoke(PoolInterceptor.java:86)
   jdk.internal.reflect.GeneratedMethodAccessor158.invoke(Unknown Source)
   java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   java.base/java.lang.reflect.Method.invoke(Method.java:564)
   org.openbravo.dal.service.OBCriteria.list(OBCriteria.java:100)
   org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:70)
   org.openbravo.erpCommon.ad_forms.About.doPost(About.java:56)
   org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:287)

89468 [http-bio-8080-exec-7] INFO org.openbravo.util.db.StatementInvocationHandler - executeQuery --- SQL:
select admessage0_.AD_Message_ID as AD1_61_, admessage0_.AD_Client_ID as AD2_61_, admessage0_.AD_Org_ID as AD3_61_, admessage0_.IsActive as IsActive61_, admessage0_.Created as Created61_, admessage0_.CreatedBy as CreatedBy61_, admessage0_.Updated as Updated61_, admessage0_.UpdatedBy as UpdatedBy61_, admessage0_.Value as Value61_, admessage0_.MsgText as MsgText61_, admessage0_.MsgTip as MsgTip61_, admessage0_.MsgType as MsgType61_, admessage0_.AD_Module_ID as AD13_61_, admessage0_.IsIncludeInI18N as IsInclu14_61_ from AD_Message admessage0_ where (admessage0_.AD_Org_ID in ('0' , 'E443A31992CB4635AFCAEABE7183CE85' , 'B843C30461EA4501935CB1D125C9C25A' , 'BAE22373FEBE4CCCA24517E23F0C8A48' , 'DC206C91AA6A4897B44DA897936E0EC3' , '19404EAD144C49A0AF37D54377CF452D' , '2E60544D37534C0B89E765FE29BC0B43' , '7BABA5FF80494CAFA54DEBD22EC46F01')) and (admessage0_.AD_Client_ID in ('23C59575B9CF467C9620760EB255B389' , '0')) and admessage0_.IsActive='Y' limit ?
  t:1
     $1: 2
   org.openbravo.base.PoolInterceptor$PSInvokationHandler.invoke(PoolInterceptor.java:86)
   jdk.internal.reflect.GeneratedMethodAccessor158.invoke(Unknown Source)
   java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   java.base/java.lang.reflect.Method.invoke(Method.java:564)
   org.openbravo.dal.service.OBQuery.list(OBQuery.java:120)
   org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:74)
   org.openbravo.erpCommon.ad_forms.About.doPost(About.java:56)
   org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:287)
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 0038382 closed caristu Deprecate usage of positional query parameters in OBQuery 
blocks design defect 0038136 acknowledged Triage Platform Base Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-03-14 17:20shuehnerNew Issue
2018-03-14 17:20shuehnerAssigned To => shuehner
2018-03-14 17:20shuehnerModules => Core
2018-03-14 17:20shuehnerTriggers an Emergency Pack => No
2018-03-14 17:22shuehnerRelationship addedblocks 0038136
2018-03-22 17:37shuehnerReview Assigned To => alostale
2018-03-22 17:37shuehnerStatusnew => scheduled
2018-04-17 14:03caristuRelationship addedrelated to 0038382
2018-04-17 15:16hgbotCheckin
2018-04-17 15:16hgbotNote Added: 0103938
2018-04-17 15:16hgbotStatusscheduled => resolved
2018-04-17 15:16hgbotResolutionopen => fixed
2018-04-17 15:16hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/77f54a865e674e3ae329bd961e39ce0b310d350a [^]
2018-04-20 09:44alostaleNote Added: 0104005
2018-04-20 09:44alostaleStatusresolved => closed
2018-04-20 09:44alostaleFixed in Version => 3.0PR18Q3
2018-05-09 19:29hudsonbotCheckin
2018-05-09 19:29hudsonbotNote Added: 0104384

Notes
(0103938)
hgbot   
2018-04-17 15:16   
Repository: erp/devel/pi
Changeset: 77f54a865e674e3ae329bd961e39ce0b310d350a
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Tue Apr 17 15:16:30 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/77f54a865e674e3ae329bd961e39ce0b310d350a [^]

Fixes issue 38146: OBQuery uses parameters in organization and client filters

Those HQL queries now use bind-variables in the default client and organization filter.

---
M src/org/openbravo/dal/service/OBQuery.java
---
(0104005)
alostale   
2018-04-20 09:44   
reviewed
(0104384)
hudsonbot   
2018-05-09 19:29   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/2be7d3efe606 [^]
Maturity status: Test