View Issue Details
ID: 0028088
Type: defect
Category: [Retail Modules] Web POS
Severity: major
Reproducibility: have not tried
Date Submitted: 2014-11-05 11:19
Last Update: 2014-11-17 15:31
Reporter: egoitz
View Status: public
Assigned To: szapata
Priority: immediate
Resolution: fixed
Fixed in Version: RR15Q1
Status: closed
Fix in branch:
Fixed in SCM revision: 9b8a8c54fe38
Projection: none
ETA: none
Target Version: RR15Q1
OS: Any
Database: Any
Java version:
OS Version:
Database version:
Ant version:
Product Version:
SCM revision:
Review Assigned To: mtaal
Regression level:
Regression date:
Regression introduced in release:
Regression introduced by commit:
Triggers an Emergency Pack: No
Summary

0028088: Errors on the PaidReceiptsHeader when filtering using some characters on the ticket selector on the webpos

Description

When filtering on the ticket selector on the posterminal using, for example, a ' at the end of a string, an error is raised on the org/openbravo/retail/posterminal/PaidReceiptsHeader.java file.

This is because the filter inputs json.getString("filterText") at PaidReceiptsHeader.java are not sanitized.

Steps To Reproduce

- Log in to Web POS.
- Go to Menu > Receipts
- Filter the documentno with a ' at the end, for example 100086'.
- An error occurs.


3cb725a7 2014-11-01 10:37:57,795 [TP-Processor36] ERROR org.openbravo.mobile.core.process.ProcessHQLQuery - Error when generating query
org.hibernate.QueryException: expecting ''', found '<EOF>' [select ord.id as id, ord.documentNo as documentNo, ord.orderDate as orderDate, ord.businessPartner.name as
businessPartner, ord.grandTotalAmount as totalamount, ord.documentType.id as documentTypeId, 'false' as isLayaway from Order as ord where
ord.client='3AFE04DCE6EE4C5A9912EDFF5517C3A7' and ord.organization='3C0F8E1BD0694E719E55C0A5DEB0AC46' and ord.obposApplications is not null and
(ord.documentNo like '%100086'%' or REPLACE(ord.documentNo, '/', '') like '%100086'%' or upper(ord.businessPartner.name) like upper('%100086'%')) and (
ord.documentType.id='511A9371A0F74195AA3F6D66C722729D' or ord.documentType.id='B0745E66713C49199CE719BF5B88AF5C' ) and ((select
count(deliveredQuantity) from ord.orderLineList where deliveredQuantity != 0) > 0 and (select count(orderedQuantity) from ord.orderLineList where orderedQuantity > 0) >
0) order by ord.orderDate desc, ord.documentNo desc]
at org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:229)
at org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:136)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:101)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:80)
at org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:124)
at org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:156)
at org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:135)
at org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1770)
at org.openbravo.mobile.core.process.ProcessHQLQuery.exec(ProcessHQLQuery.java:70)
at org.openbravo.mobile.core.process.SecuredJSONProcess.secureExec(SecuredJSONProcess.java:39)
at org.openbravo.mobile.core.process.MobileService.execClassName(MobileService.java:154)
at org.openbravo.mobile.core.process.MobileService.doGetOrPost(MobileService.java:77)
at org.openbravo.mobile.core.process.MobileService.doPost(MobileService.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:445)
at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:87)
at org.openbravo.mobile.core.process.WebServiceAuthenticatedServlet.service(WebServiceAuthenticatedServlet.java:52)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
Tags: No tags attached.

- Relationships
causes: defect 0030261 (closed, jorge-garcia): receipts search in WEB POS does not work with the char -
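
Added example (not part of the original issue and not Openbravo code): the where clause from the logged query, rebuilt once by string concatenation and once with a bound parameter, so the effect of the 100086' filter can be compared. SQLite stands in for Hibernate/HQL here, where named query parameters play the same role; the table, column names and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions modelled on
# the ord.documentNo / businessPartner.name fields in the logged query.
ROWS = [("100086", "Alice's Shop"), ("VBS/100087", "Bob Ltd"), ("200001", "Carol")]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (documentno TEXT, partner TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)", ROWS)
    return db

def search_concat(db, filter_text):
    """'Before' pattern: the filter text is spliced into the statement, as in the log."""
    sql = ("SELECT documentno FROM orders WHERE documentno LIKE '%" + filter_text + "%' "
           "OR REPLACE(documentno, '/', '') LIKE '%" + filter_text + "%' "
           "OR upper(partner) LIKE upper('%" + filter_text + "%') ORDER BY documentno")
    return [r[0] for r in db.execute(sql)]

def like_pattern(filter_text):
    """Escape LIKE metacharacters so the user's text only ever matches literally."""
    escaped = filter_text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%" + escaped + "%"

def search_bound(db, filter_text):
    """Bound-parameter pattern: the filter never becomes part of the query text."""
    sql = ("SELECT documentno FROM orders WHERE documentno LIKE :p ESCAPE '\\' "
           "OR REPLACE(documentno, '/', '') LIKE :p ESCAPE '\\' "
           "OR upper(partner) LIKE upper(:p) ESCAPE '\\' ORDER BY documentno")
    return [r[0] for r in db.execute(sql, {"p": like_pattern(filter_text)})]

def concat_fails(db, filter_text):
    """True when the concatenated statement no longer parses for this filter."""
    try:
        search_concat(db, filter_text)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = open_db()
    print(concat_fails(db, "100086'"))   # concatenated query breaks on the quote
    print(search_bound(db, "100086'"))   # bound query runs and simply finds nothing
    print(search_bound(db, "alice's"))   # a quote inside the filter still matches
```

With a bound parameter the quote, % and _ characters stay searchable instead of being stripped or interpreted by the parser.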

-  Notes
(0071477)
hgbot (developer)
2014-11-07 03:31

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 5926364e251afa3edc07fa817965ed43dfcc1980
Author: Salvador Zapata <salvador.zapata <at> gmail.com>
Date: Thu Nov 06 19:40:41 2014 -0300
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980

Fixed issue 28088: Replaced ' chars in the filtered text

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071478)
hgbot (developer)
2014-11-07 03:31

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 9b8a8c54fe38ce2962f238261647143631f9c126
Author: Salvador Zapata <salvador.zapata <at> gmail.com>
Date: Thu Nov 06 19:45:03 2014 -0300
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/9b8a8c54fe38ce2962f238261647143631f9c126

Fixed issue 28088: Replaced ' chars in the filtered text. out of core

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071679)
hgbot (developer)
2014-11-17 01:08

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 6d4f21740e172822bea1a301a346a4c6fd69fd84
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Nov 17 01:08:20 2014 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6d4f21740e172822bea1a301a346a4c6fd69fd84

Related to issue 28088: Errors on the PaidReceiptsHeader when filtering using some characters on the ticket selector on the webpos
Sanitizing on one additional usage of filterText json property added.

---
M src/org/openbravo/retail/posterminal/PaidReceiptsHeader.java
---
(0071702)
szapata (reporter)
2014-11-17 13:24

Reviewed Martin's last commit.
(0071709)
mtaal (manager)
2014-11-17 15:31

Reviewed and tested

- Issue History
Date Modified Username Field Change
2014-11-05 11:19 egoitz New Issue
2014-11-05 11:19 egoitz Assigned To => marvintm
2014-11-05 11:19 egoitz Resolution time => 1415314800
2014-11-05 11:19 egoitz Triggers an Emergency Pack => No
2014-11-05 11:21 egoitz Target Version => RR15Q1
2014-11-05 17:35 mtaal Assigned To marvintm => szapata
2014-11-07 03:31 hgbot Checkin
2014-11-07 03:31 hgbot Note Added: 0071477
2014-11-07 03:31 hgbot Status new => resolved
2014-11-07 03:31 hgbot Resolution open => fixed
2014-11-07 03:31 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980
2014-11-07 03:31 hgbot Checkin
2014-11-07 03:31 hgbot Note Added: 0071478
2014-11-07 03:31 hgbot Fixed in SCM revision http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5926364e251afa3edc07fa817965ed43dfcc1980 => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/9b8a8c54fe38ce2962f238261647143631f9c126
2014-11-17 01:08 hgbot Checkin
2014-11-17 01:08 hgbot Note Added: 0071679
2014-11-17 13:24 szapata Note Added: 0071702
2014-11-17 15:31 mtaal Review Assigned To => mtaal
2014-11-17 15:31 mtaal Note Added: 0071709
2014-11-17 15:31 mtaal Status resolved => closed
2014-11-17 15:31 mtaal Fixed in Version => RR15Q1
2015-06-29 13:58 dmitry_mezentsev Relationship added causes 0030261

