Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0045425
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformminorhave not tried2020-11-11 14:192020-11-12 10:11
ReportercbernerView Statuspublic 
Assigned Tocberner 
PrioritynormalResolutionfixedFixed in VersionPR21Q1
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0045425: ParametersActionHandler.onSave is not embedding parameters using OBCriteria

DescriptionParametersActionHandler.onSave method is embedding parameters directly in the OBQuery HQL where clause, it should instead use OBCriteria.

Relevant code:
OBQuery<ParameterValue> obq = OBDal.getInstance()
      .createQuery(ParameterValue.class,
         dbFilterProperty + " = :filter and parameter = :param")
Steps To ReproduceIn description.
Proposed SolutionUse OBCriteria instead.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to design defect 0038136 acknowledgedplatform Tracking issue: Find & Fix queries not using bind-params but embedding values into query string 

-  Notes
(0124281)
hgbot (developer)
2020-11-11 14:23

Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/224 [^]
(0124282)
cberner (developer)
2020-11-11 14:25

Test Plan:
1. Login
2. Add a new widget(User Defined HTML Widget) from left panel.
3. Complete fields and save, this will trigger the modified query.
(0124302)
hgbot (developer)
2020-11-12 10:11

Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/224 [^]
(0124303)
hgbot (developer)
2020-11-12 10:11

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/openbravo [^]
Changeset: a422ed1ff10a79c4089ef78913da2ad5643cef77
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2020-11-12T09:10:53+00:00
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/a422ed1ff10a79c4089ef78913da2ad5643cef77 [^]

Fixes ISSUE-45425: ParametersActionHandler.onSave is embedding parameters wrongly

ParametersActionHandler.onSave method is embedding parameters directly
in the OBQuery HQL where clause. This fixes it by using OBCriteria
instead, which is also safer.

Also a minor refactor has been done:
* f assignment was unneded, we only care about the exception
* use proxies instead of retrieving the object from db. They are used
  only to check id, there is no need to retrieve it from db, we don't
  care at this stage if the row is even present in db, filter will
  return empty if so.
* parameterize log

---
M modules/org.openbravo.client.application/src/org/openbravo/client/application/ParametersActionHandler.java
---

- Issue History
Date Modified Username Field Change
2020-11-11 14:19 cberner New Issue
2020-11-11 14:19 cberner Assigned To => cberner
2020-11-11 14:19 cberner Modules => Core
2020-11-11 14:19 cberner Triggers an Emergency Pack => No
2020-11-11 14:22 cberner Relationship added related to 0038136
2020-11-11 14:23 hgbot Note Added: 0124281
2020-11-11 14:25 cberner Note Added: 0124282
2020-11-12 10:11 hgbot Resolution open => fixed
2020-11-12 10:11 hgbot Status new => closed
2020-11-12 10:11 hgbot Note Added: 0124302
2020-11-12 10:11 hgbot Fixed in Version => PR21Q1
2020-11-12 10:11 hgbot Note Added: 0124303


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker