Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040523Openbravo ERPZ. Otherspublic2019-04-04 13:382019-05-21 15:16
Reporteralostale 
Assigned Tononofrancisco 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR19Q3 
Merge Request Status
Review Assigned Tovmromanos
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040523: use bind-parameters in FactLine
DescriptionFactLine.getDescription method is generating a sql setting parameters by String concatenation, replace tokens by bind parameters.
Steps To Reproduce-
Proposed SolutionIf query can be executed in Dal transaction can be done as:

        strSql = strSql.replaceAll("@RecordId@", ":recordId").replaceAll("@Line@", ":lineId");
        description.append(OBDal.getInstance().getSession()
            .createNativeQuery(strSql)
            .setParameter("lineId", localStrLine)
            .setParameter("recordId", strRecord_ID)
            .uniqueResult());
Additional Information
TagsNo tags attached.
Relationships
depends on backport 00406993.0PR19Q2 closed nonofrancisco use bind-parameters in FactLine 
depends on backport 00407003.0PR19Q1.1 closed nonofrancisco use bind-parameters in FactLine 
depends on backport 00407013.0PR18Q4.4 closed nonofrancisco use bind-parameters in FactLine 
blocks design defect 0038136 acknowledged Triage Platform Base Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 
causes defect 0041848 closed markmm82 Cannot post a document if it has a customized SQL description that returns more than one record 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-04 13:38alostaleNew Issue
2019-04-04 13:38alostaleAssigned To => Triage Finance
2019-04-04 13:38alostaleModules => Core
2019-04-04 13:38alostaleTriggers an Emergency Pack => No
2019-04-04 13:38alostaleRelationship addedblocks 0040522
2019-04-05 10:09vmromanosStatusnew => scheduled
2019-04-05 10:09vmromanosAssigned ToTriage Finance => nonofrancisco
2019-04-05 10:19vmromanosNote Added: 0110995
2019-04-05 10:19vmromanosNote Edited: 0110995bug_revision_view_page.php?bugnote_id=0110995#r18593
2019-04-09 14:04caristuProposed Solution updated
2019-04-09 20:56shuehnerRelationship addedblocks 0038136
2019-04-09 20:57shuehnerRelationship deletedblocks 0040522
2019-04-26 08:02vmromanosStatusscheduled => acknowledged
2019-04-26 15:11nonofranciscoStatusacknowledged => scheduled
2019-04-29 13:33nonofranciscoStatusscheduled => acknowledged
2019-04-29 13:34nonofranciscoStatusacknowledged => scheduled
2019-05-02 15:11nonofranciscoNote Added: 0111436
2019-05-02 16:09vmromanosNote Added: 0111438
2019-05-02 16:10vmromanosFile Added: before.png
2019-05-02 16:10vmromanosFile Added: after.png
2019-05-02 16:28vmromanosNote Edited: 0111438bug_revision_view_page.php?bugnote_id=0111438#r18699
2019-05-02 16:28vmromanosFile Deleted: before.png
2019-05-02 16:28vmromanosFile Deleted: after.png
2019-05-03 09:55vmromanosNote Edited: 0111438bug_revision_view_page.php?bugnote_id=0111438#r18702
2019-05-03 10:13hgbotCheckin
2019-05-03 10:13hgbotNote Added: 0111460
2019-05-03 10:13hgbotStatusscheduled => resolved
2019-05-03 10:13hgbotResolutionopen => fixed
2019-05-03 10:13hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/54f5cc848bee48edf56131bff6b0265e17a75a99 [^]
2019-05-03 10:13hgbotCheckin
2019-05-03 10:13hgbotNote Added: 0111461
2019-05-03 12:02vmromanosReview Assigned To => vmromanos
2019-05-03 12:02vmromanosNote Added: 0111472
2019-05-03 12:02vmromanosStatusresolved => closed
2019-05-03 12:02vmromanosFixed in Version => 3.0PR19Q3
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112006
2019-05-21 15:16hudsonbotCheckin
2019-05-21 15:16hudsonbotNote Added: 0112007
2019-09-18 15:03ngarciaRelationship addedcauses 0041848

Notes
(0110995)
vmromanos   
2019-04-05 10:19   
Backport to previous releases
(0111436)
nonofrancisco   
2019-05-02 15:11   
Test Plan

As System Administrator
Open Widows Tabs and Field window
Filter by "General Ledger Configuration"
Select Active Tables tab
Set Displayed = true for field "SQL Description"
Rebuild the system

As F&B Group Admin mode
Select General Ledger "F&B International Group US/A/US Dollar"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field
"select o.name from c_invoice i inner join ad_org o on i.ad_org_id = o.ad_org_id and i.c_invoice_id = @RecordId@ and i.c_invoice_id <> @Line@"

Create a Sales Invoice
Complete the document
Post the document
Verify the operation completes successfully
(0111438)
vmromanos   
2019-05-02 16:09   
(edited on: 2019-05-03 09:55)
Extended test plan:

As System Administrator
Open Widows Tabs and Field window
Filter by "General Ledger Configuration"
Select Active Tables tab
Set Displayed = true for field "SQL Description"
Rebuild the system

As F&B Group Admin mode
Select General Ledger "F&B España, S.A. US/A/Euro"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field:
select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual

Create a Sales Invoice for España Norte
Complete the document
Post the document
Verify the operation completes successfully
Inside the Journal Entries Report for "F&B España, S.A. US/A/Euro", press the Detail link.
Verify the description field looks like (the IDs might change):
43000 Clientes (euros) a corto plazo 185.13 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: 5B172283D5474E7384BE6FA4EE1B521B
47700 Hacienda Pública IVA repercutido 32.13 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL
70000 Ventas de mercaderías 153.00 RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: 92488D61F72E4E288C8382FA5E537DEE


As F&B Group Admin mode
Select General Ledger "F&B España, S.A. US/A/Euro"
Move to Active Table tab
Select "Invoice" table
Write this query in SQL Description field:
select @Line@ from dual
(Note there is no @RecordId@ this time).

Create a Sales Invoice for España Norte
Complete the document
Post the document.
Verify the description field looks like (the IDs might change):
43000 Clientes (euros) a corto plazo 185.13 5B172283D5474E7384BE6FA4EE1B521B
47700 Hacienda Pública IVA repercutido 32.13
70000 Ventas de mercaderías 153.00 92488D61F72E4E288C8382FA5E537DEE
(0111460)
hgbot   
2019-05-03 10:13   
Repository: erp/devel/pi
Changeset: 54f5cc848bee48edf56131bff6b0265e17a75a99
Author: Nono Carballo <nonofce <at> gmail.com>
Date: Thu May 02 12:00:38 2019 -0400
URL: http://code.openbravo.com/erp/devel/pi/rev/54f5cc848bee48edf56131bff6b0265e17a75a99 [^]

Fixes issue 40523: Uses bind parameters in query

Instead of using string concatenation to form the query, bind parameters are
used.

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111461)
hgbot   
2019-05-03 10:13   
Repository: erp/devel/pi
Changeset: a09be04c90d76eada9ca5765d798ab75194cacae
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri May 03 09:54:13 2019 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/a09be04c90d76eada9ca5765d798ab75194cacae [^]

Related to issue 40523: code review improvements
Centralize localStrLine definition in just one line, when it's used.
Change parameter names to make more difficult to have conflicts with user defined params.
Remove 'if' for corner case. This creates a very small change in this scenario:
  select 'RecordId: ' || @RecordId@ || ', Line: ' || @Line@ from dual
  When Line is null then:
    Before: NULL
    After: RecordId: 3232199ED4824EE3A07BCC1E580ABFE7, Line: NULL

---
M src/org/openbravo/erpCommon/ad_forms/FactLine.java
---
(0111472)
vmromanos   
2019-05-03 12:02   
Code review + testing OK
(0112006)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test
(0112007)
hudsonbot   
2019-05-21 15:16   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9b8f37d9d85e [^]
Maturity status: Test