You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Francis Guchie (Jira)" <ji...@apache.org> on 2021/04/04 22:10:00 UTC
[jira] [Closed] (FINERACT-1338) SQL Injection - While "runreports"
api is trying to load report parameters
[ https://issues.apache.org/jira/browse/FINERACT-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francis Guchie closed FINERACT-1338.
------------------------------------
Resolution: Resolved
Thanks to [~josemakara] this issue is automatically corrected by his [PR 1671|https://github.com/apache/fineract/pull/1671]
> SQL Injection - While "runreports" api is trying to load report parameters
> --------------------------------------------------------------------------
>
> Key: FINERACT-1338
> URL: https://issues.apache.org/jira/browse/FINERACT-1338
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Francis Guchie
> Assignee: Francis Guchie
> Priority: Major
> Attachments: image-2021-03-31-15-53-00-571.png, image-2021-04-04-15-56-40-189.png
>
>
> After solving the error at FINERACT-1336 a new error shows up.
> while api - runreports
> fineract-provider/api/v1/runreports/OfficeIdSelectOne?parameterType=true
> is spooling the report parameters, user will not see any error on the UI
> !image-2021-03-31-15-53-00-571.png!
> but looking through the console OR postman you see error below
> {
> "developerMessage": "The request was invalid. This typically will happen due to validation errors which are provided.",
> "httpStatusCode": "400",
> "defaultUserMessage": "Unexpected SQL Commands found",
> *"userMessageGlobalisationCode": "error.msg.found.sql.injection"*
> }
--
This message was sent by Atlassian Jira
(v8.3.4#803005)