Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0040717Retail ModulesWeb POSpublic2019-04-10 12:532019-05-02 08:30
Reportershuehner 
Assigned Toranjith_qualiantech_com 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionRR19Q1.1Fixed in VersionRR19Q1.1 
Merge Request Status
Review Assigned Tomarvintm
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0040717: CashUpReport.doPost is not using bind-parameters
DescriptionThis code is not using bind-params:

      final String hqlCashup = "SELECT netsales, grosssales, netreturns, grossreturns, totalretailtransactions " //
          + " FROM OBPOS_App_Cashup " //
          + " WHERE id = '" + cashupId + "' "; //
      final Query<Object[]> cashupQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlCashup, Object[].class);

and

      final String hqlTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='0' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> salesTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlTaxes, Object[].class);

and

      final String hqlReturnTaxes = String.format("SELECT name, STR(ABS(amount)) " //
          + " FROM OBPOS_Taxcashup " //
          + " WHERE obpos_app_cashup_id='%s' AND ordertype='1' " //
          + " ORDER BY name ", cashupId);
      final Query<Object[]> returnsTaxesQuery = OBDal.getReadOnlyInstance()
          .getSession()
          .createQuery(hqlReturnTaxes, Object[].class);
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0040584 closed ranjith_qualiantech_com CashUpReport.doPost is not using bind-parameters 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-04-30 11:55shuehnerTypedefect => backport
2019-04-30 11:55shuehnerTarget Version => RR19Q1.1
2019-05-02 08:21hgbotCheckin
2019-05-02 08:21hgbotNote Added: 0111413
2019-05-02 08:21hgbotStatusscheduled => resolved
2019-05-02 08:21hgbotResolutionopen => fixed
2019-05-02 08:21hgbotFixed in SCM revision => http://code.openbravo.com/retail/backports/3.0RR19Q1.1/org.openbravo.retail.posterminal/rev/b3e94ac4c8f8c66bdb71ce9f700a146634c55962 [^]
2019-05-02 08:30marvintmReview Assigned Toadrianromero => marvintm
2019-05-02 08:30marvintmStatusresolved => closed
2019-05-02 08:30marvintmFixed in Version => RR19Q1.1

Notes
(0111413)
hgbot   
2019-05-02 08:21   
Repository: retail/backports/3.0RR19Q1.1/org.openbravo.retail.posterminal
Changeset: b3e94ac4c8f8c66bdb71ce9f700a146634c55962
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Thu May 02 11:51:13 2019 +0530
URL: http://code.openbravo.com/retail/backports/3.0RR19Q1.1/org.openbravo.retail.posterminal/rev/b3e94ac4c8f8c66bdb71ce9f700a146634c55962 [^]

Fixed issue 40717 : Update CashupReport query to use query parameter

---
M src/org/openbravo/retail/posterminal/ad_reports/CashUpReport.java
---