You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2021/03/14 10:27:00 UTC
[jira] [Resolved] (FINERACT-1156) SQL injection error with Run
Reports
[ https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Vorburger resolved FINERACT-1156.
-----------------------------------------
Resolution: Fixed
> SQL injection error with Run Reports
> ------------------------------------
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Manthan Surkar
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.5.0
>
> Attachments: screenshot-1.png
>
>
> As reported by Matt
> He faced the SQL injection error while trying to run reports for Active Loans (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced this issue, this turns out to be a problem with the regex that was designed to accept the report names.
> !screenshot-1.png!
> Unrelated:
> This module has a lot of SQL string concatenation and a good place to use our SQLbuilder module ( I will take this)
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)