Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0041260Openbravo ERP09. Financial managementpublic2019-06-27 18:092019-07-16 16:42
Reportershuehner 
Assigned ToTriage Omni OMS 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR19Q1.3Fixed in Version3.0PR19Q1.3 
Merge Request Status
Review Assigned Todmiguelez
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0041260: PaymentReportDao is not using bind-param
DescriptionSeveral cases in that file are not using bind-param both for simple values i.e. here:
          hsqlScript.append(" and fpsd.");
          hsqlScript.append(FIN_PaymentScheduleDetail.PROPERTY_ORGANIZATION);
          hsqlScript.append(".id = '");
          hsqlScript.append(strOrg);
          hsqlScript.append("'");

as well as for list of values in in-clauses:
          hsqlScript.append(".id in ('");
          Set<String> orgChildTree = OBContext.getOBContext()
              .getOrganizationStructureProvider()
              .getChildTree(strOrg, true);
          Iterator<String> orgChildTreeIter = orgChildTree.iterator();
          while (orgChildTreeIter.hasNext()) {
            hsqlScript.append(orgChildTreeIter.next());
            orgChildTreeIter.remove();
            hsqlScript.append("'");
            if (orgChildTreeIter.hasNext()) {
              hsqlScript.append(", '");
            }
          }
          hsqlScript.append(")");
        }


Note: that setParameterList can be easily use to pass value lists directly see issue 40580 for an example
Steps To Reproduce-
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
blocks defect 00411993.0PR19Q4 closed collazoandy4 PaymentReportDao is not using bind-param 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2019-07-03 17:00shuehnerTypedefect => backport
2019-07-03 17:00shuehnerTarget Version => 3.0PR19Q1.2
2019-07-09 18:19shuehnerTarget Version3.0PR19Q1.2 => 3.0PR19Q1.3
2019-07-16 16:41hgbotCheckin
2019-07-16 16:41hgbotNote Added: 0113433
2019-07-16 16:41hgbotStatusscheduled => resolved
2019-07-16 16:41hgbotResolutionopen => fixed
2019-07-16 16:41hgbotFixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR19Q1.3/rev/90515e679dece1db9046baaaa06ddcbe142b1bf8 [^]
2019-07-16 16:42dmiguelezReview Assigned To => dmiguelez
2019-07-16 16:42dmiguelezNote Added: 0113436
2019-07-16 16:42dmiguelezStatusresolved => closed
2019-07-16 16:42dmiguelezFixed in Version => 3.0PR19Q1.3

Notes
(0113433)
hgbot   
2019-07-16 16:41   
Repository: erp/backports/3.0PR19Q1.3
Changeset: 90515e679dece1db9046baaaa06ddcbe142b1bf8
Author: Armaignac <collazoandy4 <at> gmail.com>
Date: Tue Jul 16 12:09:54 2019 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR19Q1.3/rev/90515e679dece1db9046baaaa06ddcbe142b1bf8 [^]

Fixes issue 41260: PaymentReportDao is not using bind-param

Applied bind-params in getPaymentReport method

---
M modules/org.openbravo.financial.paymentreport/src/org/openbravo/financial/paymentreport/erpCommon/ad_reports/PaymentReportDao.java
---
(0113436)
dmiguelez   
2019-07-16 16:42   
Code Review + Testing Ok