Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0038146
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformminorhave not tried2018-03-14 17:202018-05-09 19:29
ReportershuehnerView Statuspublic 
Assigned Toshuehner 
PrioritynormalResolutionfixedFixed in Version3.0PR18Q3
StatusclosedFix in branchFixed in SCM revision77f54a865e67
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0038146: OBQuery when auto-adding client+org filter is not using bind-variables

DescriptionOBQuery class can automatically filter by readableClients & readableOrganizations.
The code doing that is not using bind-variables but embedding the list of values directly into the SQL/HQL string.

Steps To ReproduceCheck org.openbravo.util.db output of the following small java-snippet running query with OBCriteria (with limit 1) & OBQuery (with limit 2).

OBCriteria is adding client+org filter parameter while OBQuery is not.

    OBContext.setAdminMode();
    OBCriteria<Message> msgCrit = OBDal.getInstance().createCriteria(Message.class);
    msgCrit.setMaxResults(1);
    List<Message> msgs = msgCrit.list();

    OBQuery<Message> msgQry = OBDal.getInstance().createQuery(Message.class, "");
    msgQry.setMaxResult(2);
    List<Message> msg2 = msgQry.list();
    OBContext.restorePreviousMode();


89466 [http-bio-8080-exec-7] INFO org.openbravo.util.db.StatementInvocationHandler - executeQuery --- SQL:
select this_.AD_Message_ID as AD1_61_0_, this_.AD_Client_ID as AD2_61_0_, this_.AD_Org_ID as AD3_61_0_, this_.IsActive as IsActive61_0_, this_.Created as Created61_0_, this_.CreatedBy as CreatedBy61_0_, this_.Updated as Updated61_0_, this_.UpdatedBy as UpdatedBy61_0_, this_.Value as Value61_0_, this_.MsgText as MsgText61_0_, this_.MsgTip as MsgTip61_0_, this_.MsgType as MsgType61_0_, this_.AD_Module_ID as AD13_61_0_, this_.IsIncludeInI18N as IsInclu14_61_0_ from AD_Message this_ where this_.AD_Org_ID in (?, ?, ?, ?, ?, ?, ?, ?) and this_.AD_Client_ID in (?, ?) and this_.IsActive=? limit ?
  t:7
     $1: 0
     $2: E443A31992CB4635AFCAEABE7183CE85
     $3: B843C30461EA4501935CB1D125C9C25A
     $4: BAE22373FEBE4CCCA24517E23F0C8A48
     $5: DC206C91AA6A4897B44DA897936E0EC3
     $6: 19404EAD144C49A0AF37D54377CF452D
     $7: 2E60544D37534C0B89E765FE29BC0B43
     $8: 7BABA5FF80494CAFA54DEBD22EC46F01
     $9: 23C59575B9CF467C9620760EB255B389
     $10: 0
     $11: Y
     $12: 1
   org.openbravo.base.PoolInterceptor$PSInvokationHandler.invoke(PoolInterceptor.java:86)
   jdk.internal.reflect.GeneratedMethodAccessor158.invoke(Unknown Source)
   java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   java.base/java.lang.reflect.Method.invoke(Method.java:564)
   org.openbravo.dal.service.OBCriteria.list(OBCriteria.java:100)
   org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:70)
   org.openbravo.erpCommon.ad_forms.About.doPost(About.java:56)
   org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:287)

89468 [http-bio-8080-exec-7] INFO org.openbravo.util.db.StatementInvocationHandler - executeQuery --- SQL:
select admessage0_.AD_Message_ID as AD1_61_, admessage0_.AD_Client_ID as AD2_61_, admessage0_.AD_Org_ID as AD3_61_, admessage0_.IsActive as IsActive61_, admessage0_.Created as Created61_, admessage0_.CreatedBy as CreatedBy61_, admessage0_.Updated as Updated61_, admessage0_.UpdatedBy as UpdatedBy61_, admessage0_.Value as Value61_, admessage0_.MsgText as MsgText61_, admessage0_.MsgTip as MsgTip61_, admessage0_.MsgType as MsgType61_, admessage0_.AD_Module_ID as AD13_61_, admessage0_.IsIncludeInI18N as IsInclu14_61_ from AD_Message admessage0_ where (admessage0_.AD_Org_ID in ('0' , 'E443A31992CB4635AFCAEABE7183CE85' , 'B843C30461EA4501935CB1D125C9C25A' , 'BAE22373FEBE4CCCA24517E23F0C8A48' , 'DC206C91AA6A4897B44DA897936E0EC3' , '19404EAD144C49A0AF37D54377CF452D' , '2E60544D37534C0B89E765FE29BC0B43' , '7BABA5FF80494CAFA54DEBD22EC46F01')) and (admessage0_.AD_Client_ID in ('23C59575B9CF467C9620760EB255B389' , '0')) and admessage0_.IsActive='Y' limit ?
  t:1
     $1: 2
   org.openbravo.base.PoolInterceptor$PSInvokationHandler.invoke(PoolInterceptor.java:86)
   jdk.internal.reflect.GeneratedMethodAccessor158.invoke(Unknown Source)
   java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   java.base/java.lang.reflect.Method.invoke(Method.java:564)
   org.openbravo.dal.service.OBQuery.list(OBQuery.java:120)
   org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:74)
   org.openbravo.erpCommon.ad_forms.About.doPost(About.java:56)
   org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:287)
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0038382 closedcaristu Deprecate usage of positional query parameters in OBQuery 
blocks design defect 0038136 acknowledgedTriage Platform Base Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 

-  Notes
(0103938)
hgbot (developer)
2018-04-17 15:16

Repository: erp/devel/pi
Changeset: 77f54a865e674e3ae329bd961e39ce0b310d350a
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Tue Apr 17 15:16:30 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/77f54a865e674e3ae329bd961e39ce0b310d350a [^]

Fixes issue 38146: OBQuery uses parameters in organization and client filters

Those HQL queries now use bind-variables in the default client and organization filter.

---
M src/org/openbravo/dal/service/OBQuery.java
---
(0104005)
alostale (manager)
2018-04-20 09:44

reviewed
(0104384)
hudsonbot (developer)
2018-05-09 19:29

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/2be7d3efe606 [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2018-03-14 17:20 shuehner New Issue
2018-03-14 17:20 shuehner Assigned To => shuehner
2018-03-14 17:20 shuehner Modules => Core
2018-03-14 17:20 shuehner Triggers an Emergency Pack => No
2018-03-14 17:22 shuehner Relationship added blocks 0038136
2018-03-22 17:37 shuehner Review Assigned To => alostale
2018-03-22 17:37 shuehner Status new => scheduled
2018-04-17 14:03 caristu Relationship added related to 0038382
2018-04-17 15:16 hgbot Checkin
2018-04-17 15:16 hgbot Note Added: 0103938
2018-04-17 15:16 hgbot Status scheduled => resolved
2018-04-17 15:16 hgbot Resolution open => fixed
2018-04-17 15:16 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/77f54a865e674e3ae329bd961e39ce0b310d350a [^]
2018-04-20 09:44 alostale Note Added: 0104005
2018-04-20 09:44 alostale Status resolved => closed
2018-04-20 09:44 alostale Fixed in Version => 3.0PR18Q3
2018-05-09 19:29 hudsonbot Checkin
2018-05-09 19:29 hudsonbot Note Added: 0104384


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker