Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0010884
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2009-10-06 17:092009-10-21 00:00
ReportershuehnerView Statuspublic 
Assigned Toshuehner 
PriorityurgentResolutionno change requiredFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version2.40SCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0010884: Audit all queries using LIKE with respect to _ character which is a wildcard and not a normal char

DescriptionIn Sql (both oracle and postgres) the _ in a LIKE expression is a wildcard for a any single character.

Example:
select * from m_product where name like 'Product_%';

does also match on the name 'Product 12345'...

All queries (i.e. triggers,functions) should be audited and fixed as many assume that '_' matches just the normal '_' character.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 00107082.50MP7 closedmarvintm Trigger dissapear in module with dependency, in Postgre 

-  Notes
(0020792)
shuehner (administrator)
2009-10-06 17:10

 Added relation as issue 10708 is one specified instance of this problem.
(0021002)
shuehner (administrator)
2009-10-14 12:28

 Changing to major/urgent as this issue already manifested in one obn issue which might lead to data loss. So check for others is more important.
(0021211)
shuehner (administrator)
2009-10-20 15:15

 Three groups of issues were found checking this topic, all issues are present from at least 2.3x on until now:

AD_WINDOW_TRG2.xml and AD_TAG_TRG2.xml
When a window or tab is renamed its ad_model_object_mapping entries are renamed as well. They are found using i.e. the broken LIKE '%_Relation.html' which would also match on '%Relation.html'. However these only for system generated/maintained mapping names so in practice this is never a problem.

AD_TAB_IMPORT.xml
When copying ad_column entries into a tab and a column is named UPDATEDBY and the next columnname matches '%_ID' it will be marked as read only. Again this would also match '%ID' but the rule to mark a column a readonly here is arbitrary and undocumented so not worth fixing it.

AD_TABLE_IMPORT.xml
Used by the 'Create column from db process'. This function does make several matches again '%_something' which also match '%something' but again the special rules for changing a columns attributes are arbitrary and completely undocumented.
(0021212)
shuehner (administrator)
2009-10-20 15:17

 As stated in last note:

ad_window/ad_tab trigger: will not happen in practice -> no change required

ad_tab_import/ad_table_import only in arbitrary/undocumented special cases -> wontfix

- Issue History
Date Modified Username Field Change
2009-10-06 17:09 shuehner New Issue
2009-10-06 17:09 shuehner Assigned To => rafaroda
2009-10-06 17:10 shuehner Relationship added related to 0010708
2009-10-06 17:10 shuehner Note Added: 0020792
2009-10-09 13:22 psarobe Assigned To rafaroda => shuehner
2009-10-09 13:22 psarobe Priority normal => low
2009-10-09 13:22 psarobe Severity major => minor
2009-10-09 13:22 psarobe Status new => scheduled
2009-10-14 12:28 shuehner Note Added: 0021002
2009-10-14 12:28 shuehner Priority low => urgent
2009-10-14 12:28 shuehner Severity minor => major
2009-10-20 15:15 shuehner Note Added: 0021211
2009-10-20 15:17 shuehner Status scheduled => closed
2009-10-20 15:17 shuehner Note Added: 0021212
2009-10-20 15:17 shuehner Resolution open => no change required
2009-10-21 00:00 anonymous sf_bug_id 0 => 2882769

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker