ID: 0038137
Type: defect
Category: [Openbravo ERP] A. Platform
Severity: minor
Reproducibility: have not tried
Date Submitted: 2018-03-14 13:13
Last Update: 2018-03-16 09:00
Reporter: shuehner
View Status: public
Assigned To: shuehner
Priority: normal
Resolution: fixed
Fixed in Version: 3.0PR18Q2
Status: closed
Fixed in SCM revision: 72f9f1727bc1
Projection: none
ETA: none
OS: Any
Database: Any
Review Assigned To: alostale
Modules: Core
Triggers an Emergency Pack: No
Summary

0038137: EntityAccessChecker.initialize is not using bind-variables

Description

This code is not using bind-variables:

      final String tafQryStr = "select ta from " + TableAccess.class.getName()
          + " ta where role.id='" + getRoleId() + "'";
      @SuppressWarnings("unchecked")
      final List<TableAccess> tas = SessionHandler.getInstance().createQuery(tafQryStr).list();

      // and take into account explicit process access
      final String processAccessQryStr = "select p.obuiappProcess.id from "
          + ProcessAccess.class.getName() + " p where p.role.id='" + getRoleId() + "'";
Steps To Reproduce: -
Tags: Performance

Relationships

blocks 0038136 (design defect, acknowledged, Triage Platform Base): Tracking issue: Find & Fix queries not using bind-params but embedding values into query string

Notes

(0103287)
hgbot (developer)
2018-03-15 17:27

Repository: erp/devel/pi
Changeset: 72f9f1727bc1613718fd11fc714294c7df86df88
Author: Stefan Hühner <stefan.huehner <at> openbravo.com>
Date: Thu Mar 15 10:41:23 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/72f9f1727bc1613718fd11fc714294c7df86df88

Fixed 38137. Use-bind parameters instead of mixing data values in hql-String.

---
M src/org/openbravo/dal/security/EntityAccessChecker.java
---
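
Added example (not Openbravo code and not part of the changeset): a small audit heuristic for the pattern this issue and tracking issue 0038136 describe, a value concatenated between single quotes in an HQL string. The names `EMBEDDED_VALUE` and `find_embedded_values` are assumptions; the sample input is constructed from the snippet in the description plus one query that already uses a named parameter.

```python
import re

# Constructed sample: the two query strings quoted in the issue description,
# plus one query that already uses a named parameter, for contrast.
SAMPLE = '''\
      final String tafQryStr = "select ta from " + TableAccess.class.getName()
          + " ta where role.id='" + getRoleId() + "'";
      final String processAccessQryStr = "select p.obuiappProcess.id from "
          + ProcessAccess.class.getName() + " p where p.role.id='" + getRoleId() + "'";
      final String bound = "select ta from " + TableAccess.class.getName()
          + " ta where ta.role.id = :roleId";
'''

# Heuristic: <property> <operator> ' at the end of a Java string literal, a
# concatenated expression, then a literal that starts with the closing quote.
EMBEDDED_VALUE = re.compile(
    r"""(?P<lhs>[\w.]+)\s*(?P<op><>|!=|<=|>=|=|<|>|\blike\b)\s*'"
        \s*\+\s*(?P<expr>[^";]+?)\s*\+\s*"'
    """,
    re.IGNORECASE | re.VERBOSE,
)


def find_embedded_values(source):
    """Return one finding per value concatenated into a quoted comparison."""
    findings = []
    for m in EMBEDDED_VALUE.finditer(source):
        # role.id -> roleId, p.role.id -> roleId (name for the bind parameter)
        head, *rest = m.group("lhs").split(".")[-2:]
        param = head + "".join(p[:1].upper() + p[1:] for p in rest)
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "expr": m.group("expr"),
            "suggest": f"{m.group('lhs')} {m.group('op')} :{param}",
        })
    return findings


if __name__ == "__main__":
    for f in find_embedded_values(SAMPLE):
        print(f"line {f['line']}: {f['expr']} is concatenated into the query; "
              f"use '{f['suggest']}' and bind the value")
```

It only catches the quoted-value pattern shown in this issue; values concatenated without surrounding quotes need a separate check.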
(0103303)
alostale (manager)
2018-03-16 09:00

reviewed + tested

Issue History

Date Modified | Username | Field | Change
2018-03-14 13:13 | shuehner | New Issue |
2018-03-14 13:13 | shuehner | Assigned To | => platform
2018-03-14 13:13 | shuehner | Modules | => Core
2018-03-14 13:13 | shuehner | Triggers an Emergency Pack | => No
2018-03-14 13:13 | shuehner | Relationship added | blocks 0038136
2018-03-14 16:46 | shuehner | Assigned To | platform => shuehner
2018-03-14 17:27 | shuehner | Description Updated |
2018-03-15 17:27 | hgbot | Checkin |
2018-03-15 17:27 | hgbot | Note Added: 0103287 |
2018-03-15 17:27 | hgbot | Status | new => resolved
2018-03-15 17:27 | hgbot | Resolution | open => fixed
2018-03-15 17:27 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/72f9f1727bc1613718fd11fc714294c7df86df88
2018-03-15 17:28 | shuehner | Review Assigned To | => alostale
2018-03-16 08:59 | alostale | Tag Attached: Performance |
2018-03-16 09:00 | alostale | Note Added: 0103303 |
2018-03-16 09:00 | alostale | Status | resolved => closed
2018-03-16 09:00 | alostale | Fixed in Version | => 3.0PR18Q2

