Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0041259Openbravo ERP09. Financial managementpublic2019-06-27 18:092019-08-01 08:41
Reportershuehner 
Assigned Tocollazoandy4 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR19Q2.1Fixed in Version3.0PR19Q2.1 
Merge Request Status
Review Assigned Todmiguelez
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0041259: PaymentReportDao is not using bind-param
DescriptionSeveral cases in that file are not using bind-param both for simple values i.e. here:
          hsqlScript.append(" and fpsd.");
          hsqlScript.append(FIN_PaymentScheduleDetail.PROPERTY_ORGANIZATION);
          hsqlScript.append(".id = '");
          hsqlScript.append(strOrg);
          hsqlScript.append("'");

as well as for list of values in in-clauses:
          hsqlScript.append(".id in ('");
          Set<String> orgChildTree = OBContext.getOBContext()
              .getOrganizationStructureProvider()
              .getChildTree(strOrg, true);
          Iterator<String> orgChildTreeIter = orgChildTree.iterator();
          while (orgChildTreeIter.hasNext()) {
            hsqlScript.append(orgChildTreeIter.next());
            orgChildTreeIter.remove();
            hsqlScript.append("'");
            if (orgChildTreeIter.hasNext()) {
              hsqlScript.append(", '");
            }
          }
          hsqlScript.append(")");
        }


Note: that setParameterList can be easily use to pass value lists directly see issue 40580 for an example
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 00411993.0PR19Q4 closed collazoandy4 PaymentReportDao is not using bind-param 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-07-03 17:00shuehnerTypedefect => backport
2019-07-03 17:00shuehnerTarget Version => 3.0PR19Q2.1
2019-07-16 16:41hgbotCheckin
2019-07-16 16:41hgbotNote Added: 0113434
2019-07-16 16:41hgbotStatusscheduled => resolved
2019-07-16 16:41hgbotResolutionopen => fixed
2019-07-16 16:41hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR19Q2.1/rev/4393aa2729fabff8fbc81bc19af21ab23db6e772 [^]
2019-07-16 16:42dmiguelezReview Assigned To => dmiguelez
2019-07-16 16:42dmiguelezNote Added: 0113437
2019-07-16 16:42dmiguelezStatusresolved => closed
2019-07-16 16:42dmiguelezFixed in Version => 3.0PR19Q2.1
2019-08-01 08:41SandrahuguetAssigned ToTriage Finance => collazoandy4

Notes
(0113434)
hgbot   
2019-07-16 16:41   
Repository: erp/backports/3.0PR19Q2.1
Changeset: 4393aa2729fabff8fbc81bc19af21ab23db6e772
Author: Armaignac <collazoandy4 <at> gmail.com>
Date: Tue Jul 16 12:11:01 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q2.1/rev/4393aa2729fabff8fbc81bc19af21ab23db6e772 [^]

Fixes issue 41259: PaymentReportDao is not using bind-param

Applied bind-params in getPaymentReport method

---
M modules/org.openbravo.financial.paymentreport/src/org/openbravo/financial/paymentreport/erpCommon/ad_reports/PaymentReportDao.java
---
(0113437)
dmiguelez   
2019-07-16 16:42   
Code Review + Testing Ok