Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0038950Openbravo ERPA. Platformpublic2018-07-13 12:152019-05-21 15:16
Reporteralostale 
Assigned Toalostale 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR19Q3 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0038950: use bind-parameters in Preferences.java
DescriptionThis piece of code is injecting params by String concatenation:

        List<String> parentTree = OBContext.getOBContext().getOrganizationStructureProvider(client)
            .getParentList(org, true);
        String parentOrgs = "(" + StringCollectionUtils.commaSeparated(parentTree) + ")";
        hql.append(" and coalesce(p.visibleAtOrganization, '0') in " + parentOrgs);
Steps To Reproduce-
Proposed SolutionHibernate supports setting IN parameters as a Collection, replace this code for a param.
Additional Information
TagsNo tags attached.
Relationships
blocks design defect 0038136 acknowledged Triage Platform Base Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-07-13 12:15alostaleNew Issue
2018-07-13 12:15alostaleAssigned To => platform
2018-07-13 12:15alostaleOBNetwork customer => No
2018-07-13 12:15alostaleModules => Core
2018-07-13 12:15alostaleTriggers an Emergency Pack => No
2018-07-13 12:15alostaleRelationship addedblocks 0038136
2018-08-03 08:57alostaleStatusnew => acknowledged
2019-04-26 10:27hgbotCheckin
2019-04-26 10:27hgbotNote Added: 0111352
2019-04-26 10:27hgbotStatusacknowledged => resolved
2019-04-26 10:27hgbotResolutionopen => fixed
2019-04-26 10:27hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/66c41204bce2f25473854a6851a228f568705da6 [^]
2019-04-29 17:28shuehnerAssigned Toplatform => alostale
2019-05-03 07:46alostaleReview Assigned To => caristu
2019-05-10 15:27caristuNote Added: 0111626
2019-05-10 15:27caristuStatusresolved => closed
2019-05-10 15:27caristuFixed in Version => 3.0PR19Q3
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112001

Notes
(0111352)
hgbot   
2019-04-26 10:27   
Repository: erp/devel/pi
Changeset: 66c41204bce2f25473854a6851a228f568705da6
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Apr 25 13:50:52 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/66c41204bce2f25473854a6851a228f568705da6 [^]

fixed issue 38950: use bind-parameters in Preferences.java

---
M src/org/openbravo/erpCommon/businessUtility/Preferences.java
---
(0111626)
caristu   
2019-05-10 15:27   
Code reviewed + tested OK.
(0112001)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test