Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0038136
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] Z. Othersminorhave not tried2018-03-14 13:002022-02-01 08:07
ReportershuehnerView Statuspublic 
Assigned ToTriage Platform Base 
PrioritynormalResolutionopenFixed in Version
StatusacknowledgedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0038136: Tracking issue: Find & Fix queries not using bind-params but embedding values into query string

DescriptionQueries should separate query text from data values which is done using bind-parameters.

That is important to 3 reasons:
a.) Avoid SQL/HQL injections
b.) Not have 'different SQL text' for same query but different values
b.1) To efficient utilize hibernate cache
b.2) Inefficient use of oracle query cache as not using bind variables make 'same query' show up with many times with different query cache.

This issue is to link the various individual issues to fix the concrete cases found.
Steps To Reproduce-
TagsPerformance
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 0037641 closedAugustoMauch Openbravo ERP Make the max size of Hibernate's HqlQueryPlan cache configurable 
related to design defect 0041287 acknowledgedTriage Platform Base Openbravo ERP Tracking issue: Convert HQL to apply new style 
depends on defect 0038133 closedSandrahuguet Retail Modules AddPack.java has query which is not using bind-parameters 
depends on defect 0038135 closedshuehner Openbravo ERP OBContext.getOrganizationList is not using bind-parameters 
depends on defect 0038137 closedshuehner Openbravo ERP EntityAccessChecker.initialize is not using bind-variables 
depends on defect 0038138 closedSandrahuguet Retail Modules LoginUtilsServlet.getUserImages is not using bind-variables 
depends on defect 0038139 closedSandrahuguet Retail Modules POSLoginHandler.getDefaults is not using bind-parameters 
depends on defect 0038140 closedSandrahuguet Retail Modules MobileServerController.readCentralServer is not using bind-parameters 
depends on defect 0038141 closedSandrahuguet Openbravo ERP FIN_Utility.getDocumentType is not using bind-variables 
depends on defect 0038142 newTriage Omni OMS Openbravo ERP pl-function ad_get_doc_le_bu is not using bind-parameters 
depends on defect 0038145 closedSandrahuguet Retail Modules org.openbravo.retail.posterminal.term.Warehouses (posterminal + mobile.procurement module) don't use bind-variables 
depends on defect 0038146 closedshuehner Openbravo ERP OBQuery when auto-adding client+org filter is not using bind-variables 
depends on feature request 0038199 newTriage Platform Base Openbravo ERP SqlC generated code should be able to use bind-variables for list of values (i.e. ad_client_id, ad_org_id) filters 
depends on defect 0038200 newTriage Omni OMS Openbravo ERP DefaultValuesData.select (NOT xsql-generated) is not using bind-params for ad_client_id + ad_org_id filters 
depends on defect 0038941 acknowledgedTriage Platform Base Openbravo ERP use bind-parameters in TextInterfacesData 
depends on defect 0038948 acknowledgedTriage Platform Base Openbravo ERP use bind-parameters in DefaultOptionsData.getDefaultWarehouse 
depends on defect 0038950 closedalostale Openbravo ERP use bind-parameters in Preferences.java 
depends on defect 0040358 closedalostale Openbravo ERP use bind-parameters in ImportEntryManager 
depends on defect 0040522 closednonofrancisco Openbravo ERP use bind-parameters in FIN_BankStatementImport 
depends on defect 0040559 closednonofrancisco Openbravo ERP SL_TaxCategory_Org.execute is not using bind-parameters 
depends on defect 0040560 closednonofrancisco Openbravo ERP AcctServer.isConveritble is not using bind-parameters 
depends on defect 0040523 closednonofrancisco Openbravo ERP use bind-parameters in FactLine 
depends on defect 0040562 closedalostale Openbravo ERP HelpWindow.generateWindow is not using bind-variables 
depends on defect 0040564 closedalostale Openbravo ERP MyOpenbravoActionHandler.processWidgets is not using bind-variables 
depends on defect 0040565 closedalostale Openbravo ERP SelectorFieldPropertyCallout.execute is not using bind-variables 
depends on defect 0040568RR19Q3 closedranjith_qualiantech_com Retail Modules RolePermissions.getPrefList is not using bind-parameters 
depends on defect 0040569RR19Q3 closedranjith_qualiantech_com Retail Modules LabelsComponent.(getLabels+getLists) are not using bind-parameters 
depends on defect 0040570RR19Q3 closedjarmendariz Retail Modules MobileServercontroller.isThereACentralServerDefined is not using bind-parameters 
depends on defect 0040571RR19Q3 closedjarmendariz Retail Modules ServerStateBackground.getServerstoSendPing is not using bind-parameters 
depends on defect 0040572RR19Q3 closedranjith_qualiantech_com Retail Modules LoginUtilsServlet.preLogin is not using bind-parameters 
depends on defect 0040573RR19Q3 closedranjith_qualiantech_com Retail Modules POSUtils.hasCurrencyRate is not using bind-parameters 
depends on defect 00405743.0PR19Q3 closednonofrancisco Openbravo ERP SequenceProductCreate.getLineNum is not using bind-parameters 
depends on defect 0040578 closedalostale Openbravo ERP Utility.getListValueName is not using bind-parameters 
depends on defect 0040579 closedTriage Omni OMS Openbravo ERP ResetAccounting.hasProcessing is not using bind-parameters 
depends on defect 0040580 closedalostale Openbravo ERP AlertActionHandler.countActiveAlerts is not using bind-parameters 
depends on defect 0040581RR19Q3 closedjarmendariz Retail Modules SynchronizedServerProcessCaller.thereIsDataInImportQueue is not using bind-parameters 
depends on defect 0040583 closedranjith_qualiantech_com Retail Modules POSUtils.getPriceListVersionForPriceList is not using bind-parameters 
depends on defect 0040584 closedranjith_qualiantech_com Retail Modules CashUpReport.doPost is not using bind-parameters 
depends on defect 0040585RR19Q3 closedranjith_qualiantech_com Retail Modules SerializedByTermImportEntryProcessorRunnable.countEntries is not using bind-parameters 
depends on defect 0040588RR19Q3 closedjarmendariz Retail Modules MobileServerRequestExecutor.executeRequest is not using bind-parameters 
depends on defect 0040589RR19Q3 closedranjith_qualiantech_com Retail Modules POrderLoaderEntryProcessor.countEntries is not using bind-parameters & should be reviewed if not generic super.countEntries 
depends on defect 0040590RR19Q3 closedranjith_qualiantech_com Retail Modules SetBusinessDateEntryProcessor.countEntries does not use bind-parameters, probably could be removed for super.countEntries 
depends on design defect 0040591 closedalostale Openbravo ERP deprecate OBDal getReadableClientsInClause and getReadableOrganizationsInClause 
depends on defect 0036239 closedcollazoandy4 Openbravo ERP Security problem in Create Budget Reports in Excel report 
depends on defect 0041198 closedcollazoandy4 Localization Pack: Spain OBMTR30InvoiceTaxReportDao is not using bind-param. 
depends on defect 00411993.0PR19Q4 closedcollazoandy4 Openbravo ERP PaymentReportDao is not using bind-param 
depends on defect 00412313.0PR19Q4 closedcollazoandy4 Openbravo ERP Reconciliation is not using bind-params 
depends on defect 00412323.0PR19Q4 closedcollazoandy4 Openbravo ERP AdvPaymentMngtDao is not using bind-params 
depends on defect 00412333.0PR19Q4 closedcollazoandy4 Openbravo ERP MatchTransactionDao.getUnmatchedBankStatementLines 
depends on defect 00412343.0PR19Q4 closedcollazoandy4 Openbravo ERP TransactionsDao.getCurrentlyClearedAmt is not using bind-param 
depends on defect 00412353.0PR19Q4 closedcollazoandy4 Openbravo ERP FIN_AddPaymentFromJournalLine.doExecute is not using bind-params 
depends on defect 00412363.0PR19Q4 closedcollazoandy4 Openbravo ERP RecordID2Filling.getBPAccountList is not using bind-params 
depends on defect 00412373.0PR19Q4 closedcollazoandy4 Openbravo ERP FIN_BankstatementImport is not using bind-params 
depends on defect 00412383.0PR19Q4 closedcollazoandy4 Openbravo ERP FIN_Utility.{isPeriodOpen,isReversePayment,getOrderedPaymentDetailList) are not using bind-params 
depends on defect 00412393.0PR19Q4 closedalostale Openbravo ERP ADTreeDatasourceService.{getNodeChildenQuery,nodeHasChildren, nodeConformsToWhereClause) are not using bind-params 
depends on defect 00412403.0PR19Q4 closedcollazoandy4 Openbravo ERP AcctServer.{getAccountDBpartner, disableDocumentConfirmation} are not using bind-params 
depends on defect 00412423.0PR19Q4 closedcollazoandy4 Openbravo ERP DocFINBankStatement.createFact is not using bind-params 
depends on defect 00412433.0PR19Q4 closedcollazoandy4 Openbravo ERP DocFINFinAccTransaction.createFact is not using bind-params 
depends on defect 00412443.0PR19Q4 closedcollazoandy4 Openbravo ERP DocFINPayment.createFact is not using bind-params 
depends on defect 00412453.0PR19Q4 closedcollazoandy4 Openbravo ERP DocFINReconciliation.createFact is not using bind-params 
depends on defect 00412513.0PR19Q4 closedcollazoandy4 Openbravo ERP UpdateActuals.doExecute is not using bind-params 
depends on defect 00412523.0PR19Q4 closedcollazoandy4 Openbravo ERP ReportGeneralLedgerJournal.getDocuments is not using bind-params 
depends on defect 00412533.0PR19Q4 closedAtulOpenbravo Openbravo ERP ReportProjectProfitabilityJR.noConversionToHours is not using bind-params 
depends on defect 00412573.0PR19Q4 closedcollazoandy4 Openbravo ERP InitialSetupUtility.{getCOAModules,getRDModules} are not using bind-parameters 
depends on defect 0041273RR19Q4 closedranjith_qualiantech_com Retail Modules IncludeAllProducts.execute is not using bind-params 
depends on defect 0041274RR19Q4 closedgorka_gil Retail Modules PaidReceipts.checkOrderInErrorEntry is not using bind-params 
depends on defect 00412783.0PR19Q4 closedTriage Omni WMS Openbravo ERP CostingBackground.doExecute is not using bind-params 
depends on defect 0041280 closedcollazoandy4 Localization Pack: Spain AEAT347ReportAPRDao is not using bind-params 
depends on defect 0041281 closedcollazoandy4 Localization Pack: Spain AEAT3492010ReportDao is not using bind-params 
depends on defect 0041284 closedcollazoandy4 Localization Pack: Spain AEAT390ReportDao and AEAT390CashVATReadyDao are not using bind-params 
depends on defect 00412893.0PR19Q4 closedalostale Openbravo ERP TreeUtility is not using bind-params 
depends on defect 0051591 closedfrancisco_ofarril Modules NotPostedDocumentsDataSource.getFilteredDocumentTypes(String, int, int) is not using bind-parameters 
depends on defect 0051592 closedshuehner Modules Module: org.openbravo.financial.invoicetaxreport File: InvoiceTaxUtility not using bind-parameters 
depends on defect 0051593 closedshuehner Modules InvoicePaymentUtility is not using bind-parameters 
depends on defect 0051594 closedfrancisco_ofarril Modules Several files in org.openbravo.module.remittance are not using bind-params and are not following HQL-style 
depends on defect 0051596 closedshuehner Modules org.openbravo.module.intrastat some files are not using bind-param nor following HQL-style 
depends on defect 0051618 closedshuehner Modules Module org.openbravo.module.facturae, some code is not using bind-params (and not following hql style) 
depends on defect 0051647 closedshuehner Modules InvoiceMatchingAlgorithm is not following HQL style 
depends on defect 0051676 closedshuehner Modules Query in MassInvoicing is not using bind-params 
related to defect 0041711 closedcollazoandy4 Openbravo ERP Subquery in getDocumentNo in ReportGeneralLedgerJournal is not using bind-params 
related to defect 0045425 closedcberner Openbravo ERP ParametersActionHandler.onSave is not embedding parameters using OBCriteria 
related to defect 0045435 newcberner Openbravo ERP AttachmentUtils class is appending parameters to hql statement wrongly 
related to defect 0045436 newcberner Openbravo ERP JsonToDataConverter is appending parameters to hql query wrongly 
related to defect 0045437 closedcberner Openbravo ERP BaseOBObject appends parameters in hql query wrongly 
related to defect 0045513 closedcberner Openbravo ERP FIN_BankStatementImport class should use OBCriteria instead of string building 
Not all the children of this issue are yet resolved or closed.

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-03-14 13:00 shuehner New Issue
2018-03-14 13:00 shuehner Assigned To => platform
2018-03-14 13:00 shuehner Modules => Core
2018-03-14 13:00 shuehner Triggers an Emergency Pack => No
2018-03-14 13:03 shuehner Relationship added depends on 0038133
2018-03-14 13:04 shuehner Relationship added depends on 0038135
2018-03-14 13:13 shuehner Relationship added depends on 0038137
2018-03-14 13:24 shuehner Relationship added depends on 0038138
2018-03-14 13:36 shuehner Relationship added depends on 0038139
2018-03-14 13:49 shuehner Relationship added depends on 0038140
2018-03-14 15:09 shuehner Relationship added depends on 0038141
2018-03-14 15:24 shuehner Relationship added depends on 0038142
2018-03-14 16:15 shuehner Relationship added depends on 0038145
2018-03-14 16:26 shuehner Description Updated View Revisions
2018-03-14 17:22 shuehner Relationship added depends on 0038146
2018-03-16 08:59 alostale Status new => acknowledged
2018-03-16 08:59 alostale Tag Attached: Performance
2018-03-16 10:01 alostale Relationship added related to 0037641
2018-03-22 15:41 shuehner Relationship added depends on 0038199
2018-03-22 15:44 shuehner Relationship added depends on 0038200
2018-06-15 11:38 alostale Type defect => design defect
2018-07-12 14:49 shuehner Relationship added depends on 0038941
2018-07-13 11:56 alostale Relationship added depends on 0038948
2018-07-13 12:15 alostale Relationship added depends on 0038950
2019-03-12 11:45 alostale Relationship added depends on 0040358
2019-04-04 13:27 alostale Relationship added depends on 0040522
2019-04-09 20:30 shuehner Relationship added depends on 0040559
2019-04-09 20:32 shuehner Relationship added depends on 0040560
2019-04-09 20:56 shuehner Relationship added depends on 0040523
2019-04-09 21:01 shuehner Relationship added depends on 0040562
2019-04-09 21:05 shuehner Relationship added depends on 0040564
2019-04-09 21:08 shuehner Relationship added depends on 0040565
2019-04-10 11:13 shuehner Relationship added depends on 0040568
2019-04-10 11:17 shuehner Relationship added depends on 0040569
2019-04-10 11:23 shuehner Relationship added depends on 0040570
2019-04-10 11:25 shuehner Relationship added depends on 0040571
2019-04-10 11:28 shuehner Relationship added depends on 0040572
2019-04-10 11:30 shuehner Relationship added depends on 0040573
2019-04-10 11:41 shuehner Relationship added depends on 0040574
2019-04-10 12:32 shuehner Relationship added depends on 0040578
2019-04-10 12:36 shuehner Relationship added depends on 0040579
2019-04-10 12:38 shuehner Relationship added depends on 0040580
2019-04-10 12:42 shuehner Relationship added depends on 0040581
2019-04-10 12:47 shuehner Relationship added depends on 0040583
2019-04-10 12:53 shuehner Relationship added depends on 0040584
2019-04-10 12:56 shuehner Relationship added depends on 0040585
2019-04-10 17:36 shuehner Relationship added depends on 0040588
2019-04-10 17:57 shuehner Relationship added depends on 0040589
2019-04-10 19:25 shuehner Relationship added depends on 0040590
2019-04-11 09:45 alostale Relationship added depends on 0040591
2019-06-11 09:09 alostale Relationship added depends on 0036239
2019-06-27 18:06 shuehner Relationship added depends on 0041198
2019-07-02 15:39 shuehner Relationship added depends on 0041199
2019-07-02 15:41 shuehner Relationship added depends on 0041231
2019-07-02 15:43 shuehner Relationship added depends on 0041232
2019-07-02 15:46 shuehner Relationship added depends on 0041233
2019-07-02 15:47 shuehner Relationship added depends on 0041234
2019-07-02 15:49 shuehner Relationship added depends on 0041235
2019-07-02 15:51 shuehner Relationship added depends on 0041236
2019-07-02 15:54 shuehner Relationship added depends on 0041237
2019-07-02 15:58 shuehner Relationship added depends on 0041238
2019-07-02 16:02 shuehner Relationship added depends on 0041239
2019-07-02 16:20 shuehner Relationship added depends on 0041240
2019-07-02 16:23 shuehner Relationship added depends on 0041242
2019-07-02 16:25 shuehner Relationship added depends on 0041243
2019-07-02 16:26 shuehner Relationship added depends on 0041244
2019-07-02 16:28 shuehner Relationship added depends on 0041245
2019-07-03 16:46 shuehner Relationship added depends on 0041251
2019-07-03 16:49 shuehner Relationship added depends on 0041252
2019-07-03 16:52 shuehner Relationship added depends on 0041253
2019-07-03 16:57 shuehner Relationship added depends on 0041257
2019-07-04 12:18 shuehner Relationship added depends on 0041273
2019-07-04 12:27 shuehner Relationship added depends on 0041274
2019-07-04 12:38 shuehner Relationship added depends on 0041278
2019-07-04 12:57 shuehner Relationship added depends on 0041280
2019-07-04 13:36 shuehner Relationship added depends on 0041281
2019-07-04 14:03 shuehner Relationship added depends on 0041284
2019-07-04 18:25 shuehner Relationship added depends on 0041289
2019-07-09 09:53 alostale Relationship added related to 0041287
2019-08-28 13:35 Sandrahuguet Relationship added related to 0041711
2020-11-11 14:22 cberner Relationship added related to 0045425
2020-11-12 13:54 cberner Relationship added related to 0045435
2020-11-12 15:29 cberner Relationship added related to 0045436
2020-11-12 16:01 cberner Relationship added related to 0045437
2020-11-25 18:17 cberner Relationship added related to 0045513
2022-02-01 08:07 alostale Assigned To platform => Triage Platform Base
2023-02-14 12:27 shuehner Relationship added depends on 0051591
2023-02-14 12:46 shuehner Relationship added depends on 0051592
2023-02-14 13:10 shuehner Relationship added depends on 0051593
2023-02-14 13:31 shuehner Relationship added depends on 0051594
2023-02-14 13:53 shuehner Relationship added depends on 0051596
2023-02-15 16:45 shuehner Relationship added depends on 0051618
2023-02-20 14:35 shuehner Relationship added depends on 0051647
2023-02-22 15:30 shuehner Relationship added depends on 0051676

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker