You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2021/03/14 10:27:00 UTC

[jira] [Resolved] (FINERACT-1156) SQL injection error with Run Reports

     [ https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Vorburger resolved FINERACT-1156.
-----------------------------------------
    Resolution: Fixed

> SQL injection error with Run Reports
> ------------------------------------
>
>                 Key: FINERACT-1156
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1156
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Manthan Surkar
>            Assignee: Manthan Surkar
>            Priority: Major
>             Fix For: 1.5.0
>
>         Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced this issue, this turns out to be a problem with the regex that was designed to accept the report names.
>  !screenshot-1.png! 
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our SQLbuilder module ( I will take this)
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)