Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040716Retail ModulesWeb POSpublic2019-04-10 12:532019-05-02 08:30
Reportershuehner 
Assigned Toranjith_qualiantech_com 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionRR19Q2Fixed in VersionRR19Q2 
Merge Request Status
Review Assigned Tomarvintm
OBNetwork customerNo
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040716: CashUpReport.doPost is not using bind-parameters
DescriptionThis code is not using bind-params:

      final String hqlCashup = "SELECT netsales, grosssales, netreturns, grossreturns, totalretailtransactions " //
          + " FROM OBPOS_App_Cashup " //
          + " WHERE id = '" + cashupId + "' "; //
      final Query<Object[]> cashupQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlCashup, Object[].class);

and

      final String hqlTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='0' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> salesTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlTaxes, Object[].class);

and

      final String hqlReturnTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='1' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> returnsTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlReturnTaxes, Object[].class);
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040584 closed ranjith_qualiantech_com CashUpReport.doPost is not using bind-parameters 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-30 11:55shuehnerTypedefect => backport
2019-04-30 11:55shuehnerTarget Version => RR19Q2
2019-05-02 08:21hgbotCheckin
2019-05-02 08:21hgbotNote Added: 0111412
2019-05-02 08:21hgbotStatusscheduled => resolved
2019-05-02 08:21hgbotResolutionopen => fixed
2019-05-02 08:21hgbotFixed in SCM revision => http://code.openbravo.com/retail/backports/3.0RR19Q2/org.openbravo.retail.posterminal/rev/8365c58d4244a6439a7728a7a98c8b433d166453 [^]
2019-05-02 08:30marvintmReview Assigned Toadrianromero => marvintm
2019-05-02 08:30marvintmStatusresolved => closed
2019-05-02 08:30marvintmFixed in Version => RR19Q2

Notes
(0111412)
hgbot   
2019-05-02 08:21   
Repository: retail/backports/3.0RR19Q2/org.openbravo.retail.posterminal
Changeset: 8365c58d4244a6439a7728a7a98c8b433d166453
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Thu May 02 11:51:16 2019 +0530
URL: http://code.openbravo.com/retail/backports/3.0RR19Q2/org.openbravo.retail.posterminal/rev/8365c58d4244a6439a7728a7a98c8b433d166453 [^]

Fixed issue 40716 : Update CashupReport query to use query parameter

---
M src/org/openbravo/retail/posterminal/ad_reports/CashUpReport.java
---