Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0008579 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | have not tried | 2009-04-15 15:41 | 2009-06-04 00:00 | |||
| Reporter | shuehner | View Status | public | |||||
| Assigned To | shuehner | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | pi | Fixed in SCM revision | 68ba24ee1a88 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.40 | SCM revision | ||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0008579: SQL injection in selectors | |||||||
| Description | The selector code has issues where it is possible to inject code into the executed SQL statement via crafted parameters coming from the user. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0016309) shuehner (administrator) 2009-05-13 09:02 |
Updated to urgent as discussed with iciordia |
|
(0016381) hgbot (developer) 2009-05-15 12:13 |
Repository: erp/devel/pi Changeset: d4fedb1b06c242856f0ae288fd2972f43c04eced Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Fri May 15 12:13:10 2009 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/d4fedb1b06c242856f0ae288fd2972f43c04eced [^] Issue 8579: Validate offset,pageSize to the numeric --- M src/org/openbravo/erpCommon/info/Account.java M src/org/openbravo/erpCommon/info/AccountElementValue.java M src/org/openbravo/erpCommon/info/BusinessPartner.java M src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java M src/org/openbravo/erpCommon/info/DebtPayment.java M src/org/openbravo/erpCommon/info/Invoice.java M src/org/openbravo/erpCommon/info/InvoiceLine.java M src/org/openbravo/erpCommon/info/Locator.java M src/org/openbravo/erpCommon/info/Product.java M src/org/openbravo/erpCommon/info/ProductComplete.java M src/org/openbravo/erpCommon/info/ProductMultiple.java M src/org/openbravo/erpCommon/info/Project.java M src/org/openbravo/erpCommon/info/SalesOrder.java M src/org/openbravo/erpCommon/info/SalesOrderLine.java M src/org/openbravo/erpCommon/info/ShipmentReceipt.java M src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java --- |
|
(0016425) hgbot (developer) 2009-05-18 15:16 |
Repository: erp/devel/pi Changeset: 68ba24ee1a88f95d7c2727454331f052809d9468 Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Mon May 18 15:16:36 2009 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/68ba24ee1a88f95d7c2727454331f052809d9468 [^] Fixed 8579: validate orderBy parameters, prepare ordering by multiple columns --- M src/org/openbravo/erpCommon/info/Account.java M src/org/openbravo/erpCommon/info/AccountElementValue.java M src/org/openbravo/erpCommon/info/BusinessPartner.java M src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java M src/org/openbravo/erpCommon/info/DebtPayment.java M src/org/openbravo/erpCommon/info/Invoice.java M src/org/openbravo/erpCommon/info/InvoiceLine.java M src/org/openbravo/erpCommon/info/Locator.java M src/org/openbravo/erpCommon/info/Product.java M src/org/openbravo/erpCommon/info/ProductComplete.java M src/org/openbravo/erpCommon/info/ProductMultiple.java M src/org/openbravo/erpCommon/info/Project.java M src/org/openbravo/erpCommon/info/SalesOrder.java M src/org/openbravo/erpCommon/info/SalesOrderLine.java M src/org/openbravo/erpCommon/info/ShipmentReceipt.java M src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java A src/org/openbravo/erpCommon/info/SelectorUtility.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-04-15 15:41 | shuehner | New Issue | |
| 2009-04-15 15:41 | shuehner | Assigned To | => rafaroda |
| 2009-04-15 15:41 | shuehner | OBNetwork customer | => No |
| 2009-04-15 15:41 | shuehner | Regression testing | => No |
| 2009-04-15 15:41 | shuehner | Assigned To | rafaroda => shuehner |
| 2009-04-22 20:04 | psarobe | Status | new => scheduled |
| 2009-04-22 20:04 | psarobe | fix_in_branch | => pi |
| 2009-05-13 09:02 | shuehner | Note Added: 0016309 | |
| 2009-05-13 09:02 | shuehner | Priority | normal => urgent |
| 2009-05-13 09:02 | shuehner | fix_in_branch | pi => |
| 2009-05-15 10:57 | shuehner | Status | scheduled => acknowledged |
| 2009-05-15 10:57 | shuehner | Status | acknowledged => scheduled |
| 2009-05-15 10:57 | shuehner | fix_in_branch | => pi |
| 2009-05-15 12:13 | hgbot | Checkin | |
| 2009-05-15 12:13 | hgbot | Note Added: 0016381 | |
| 2009-05-15 12:13 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/d4fedb1b06c242856f0ae288fd2972f43c04eced [^] |
| 2009-05-18 15:16 | hgbot | Checkin | |
| 2009-05-18 15:16 | hgbot | Note Added: 0016425 | |
| 2009-05-18 15:16 | hgbot | Status | scheduled => resolved |
| 2009-05-18 15:16 | hgbot | Resolution | open => fixed |
| 2009-05-18 15:16 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/d4fedb1b06c242856f0ae288fd2972f43c04eced [^] => http://code.openbravo.com/erp/devel/pi/rev/68ba24ee1a88f95d7c2727454331f052809d9468 [^] |
| 2009-05-18 15:24 | shuehner | Relationship added | related to 0005236 |
| 2009-05-18 15:34 | shuehner | Relationship added | related to 0009074 |
| 2009-06-03 12:00 | psarobe | Status | resolved => closed |
| 2009-06-04 00:00 | anonymous | sf_bug_id | 0 => 2800770 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |