Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0009045 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] A. Platform | major | have not tried | 2009-04-15 15:41 | 2009-05-28 17:11 | |||
| Reporter | shuehner | View Status | public | |||||
| Assigned To | shuehner | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 2.40MP5 | |||
| Status | closed | Fix in branch | 2.40 | Fixed in SCM revision | 8ae20e3dd9a7 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.40 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0009045: SQL injection in selectors | |||||||
| Description | The selector code has issues where it is possible to inject code into the executed SQL statement via crafted parameters coming from the user. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
|
(0016499) shuehner (administrator) 2009-05-20 11:40 |
Issue pending for 2.40 branch to reopen. |
|
(0016565) hgbot (developer) 2009-05-21 18:33 |
Repository: erp/stable/2.40 Changeset: 38f876f4779f9528adc58c2b5e5cced4292e5619 Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Fri May 15 10:58:17 2009 +0200 URL: http://code.openbravo.com/erp/stable/2.40/rev/38f876f4779f9528adc58c2b5e5cced4292e5619 [^] Issue 9045: Preparation: reformat affected selectors --- M src/org/openbravo/erpCommon/info/Account.java M src/org/openbravo/erpCommon/info/BusinessPartner.java M src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java M src/org/openbravo/erpCommon/info/DebtPayment.java M src/org/openbravo/erpCommon/info/Invoice.java M src/org/openbravo/erpCommon/info/InvoiceLine.java M src/org/openbravo/erpCommon/info/Locator.java M src/org/openbravo/erpCommon/info/Product.java M src/org/openbravo/erpCommon/info/ProductComplete.java M src/org/openbravo/erpCommon/info/ProductMultiple.java M src/org/openbravo/erpCommon/info/Project.java M src/org/openbravo/erpCommon/info/SalesOrder.java M src/org/openbravo/erpCommon/info/SalesOrderLine.java M src/org/openbravo/erpCommon/info/ShipmentReceipt.java M src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java --- |
|
(0016566) hgbot (developer) 2009-05-21 18:33 |
Repository: erp/stable/2.40 Changeset: fa2b7356bd0a6b0fc4787a18f53cd5e4f7062c8d Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Fri May 15 12:13:38 2009 +0200 URL: http://code.openbravo.com/erp/stable/2.40/rev/fa2b7356bd0a6b0fc4787a18f53cd5e4f7062c8d [^] Issue 9045: Validate offset,pageSize to be numeric --- M src/org/openbravo/erpCommon/info/Account.java M src/org/openbravo/erpCommon/info/AccountElementValue.java M src/org/openbravo/erpCommon/info/BusinessPartner.java M src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java M src/org/openbravo/erpCommon/info/DebtPayment.java M src/org/openbravo/erpCommon/info/Invoice.java M src/org/openbravo/erpCommon/info/InvoiceLine.java M src/org/openbravo/erpCommon/info/Locator.java M src/org/openbravo/erpCommon/info/Product.java M src/org/openbravo/erpCommon/info/ProductComplete.java M src/org/openbravo/erpCommon/info/ProductMultiple.java M src/org/openbravo/erpCommon/info/Project.java M src/org/openbravo/erpCommon/info/SalesOrder.java M src/org/openbravo/erpCommon/info/SalesOrderLine.java M src/org/openbravo/erpCommon/info/ShipmentReceipt.java M src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java --- |
|
(0016567) hgbot (developer) 2009-05-21 18:33 |
Repository: erp/stable/2.40 Changeset: 8ae20e3dd9a79e1b739ab55b7addf61645f5e2a6 Author: Stefan Hühner <stefan.huehner <at> openbravo.com> Date: Mon May 18 15:15:30 2009 +0200 URL: http://code.openbravo.com/erp/stable/2.40/rev/8ae20e3dd9a79e1b739ab55b7addf61645f5e2a6 [^] Fixed 9045: validate orderBy parameters, prepare ordering by multiple columns --- M src/org/openbravo/erpCommon/info/Account.java M src/org/openbravo/erpCommon/info/AccountElementValue.java M src/org/openbravo/erpCommon/info/BusinessPartner.java M src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java M src/org/openbravo/erpCommon/info/DebtPayment.java M src/org/openbravo/erpCommon/info/Invoice.java M src/org/openbravo/erpCommon/info/InvoiceLine.java M src/org/openbravo/erpCommon/info/Locator.java M src/org/openbravo/erpCommon/info/Product.java M src/org/openbravo/erpCommon/info/ProductComplete.java M src/org/openbravo/erpCommon/info/ProductMultiple.java M src/org/openbravo/erpCommon/info/Project.java M src/org/openbravo/erpCommon/info/SalesOrder.java M src/org/openbravo/erpCommon/info/SalesOrderLine.java M src/org/openbravo/erpCommon/info/ShipmentReceipt.java M src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java A src/org/openbravo/erpCommon/info/SelectorUtility.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-05-15 10:57 | shuehner | Type | defect => backport |
| 2009-05-15 10:57 | shuehner | fix_in_branch | => 2.40 |
| 2009-05-18 15:26 | shuehner | Relationship added | related to 0005301 |
| 2009-05-20 11:40 | shuehner | Note Added: 0016499 | |
| 2009-05-21 18:33 | hgbot | Checkin | |
| 2009-05-21 18:33 | hgbot | Note Added: 0016565 | |
| 2009-05-21 18:33 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/stable/2.40/rev/38f876f4779f9528adc58c2b5e5cced4292e5619 [^] |
| 2009-05-21 18:33 | hgbot | Checkin | |
| 2009-05-21 18:33 | hgbot | Note Added: 0016566 | |
| 2009-05-21 18:33 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/stable/2.40/rev/38f876f4779f9528adc58c2b5e5cced4292e5619 [^] => http://code.openbravo.com/erp/stable/2.40/rev/fa2b7356bd0a6b0fc4787a18f53cd5e4f7062c8d [^] |
| 2009-05-21 18:33 | hgbot | Checkin | |
| 2009-05-21 18:33 | hgbot | Note Added: 0016567 | |
| 2009-05-21 18:33 | hgbot | Status | scheduled => resolved |
| 2009-05-21 18:33 | hgbot | Resolution | open => fixed |
| 2009-05-21 18:33 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/stable/2.40/rev/fa2b7356bd0a6b0fc4787a18f53cd5e4f7062c8d [^] => http://code.openbravo.com/erp/stable/2.40/rev/8ae20e3dd9a79e1b739ab55b7addf61645f5e2a6 [^] |
| 2009-05-28 16:37 | psarobe | Status | resolved => closed |
| 2009-05-28 17:11 | psarobe | Fixed in Version | => 2.40MP5 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |