Posted to commits@fineract.apache.org by vi...@apache.org on 2019/05/28 16:52:21 UTC

[fineract] branch develop updated: FINERACT-757: Use of sqlEncodeString function isn't needed as parameters are passed as an array of Objects and SqlInjection validation is done by Spring JdbcTemplate.

This is an automated email from the ASF dual-hosted git repository.

vishwasbabu pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git


The following commit(s) were added to refs/heads/develop by this push:
     new 82568d9  FINERACT-757: Use of sqlEncodeString function isn't needed as parameters are passed as an array of Objects and SqlInjection validation is done by Spring JdbcTemplate.
     new cc05940  Merge pull request #572 from angelboxes/FINERACT-757
82568d9 is described below

commit 82568d93bf8234e377dc197b3b3d91bf558a2a45
Author: Angel Cajas <an...@gmail.com>
AuthorDate: Mon May 27 22:49:37 2019 -0600

    FINERACT-757: Use of sqlEncodeString function isn't needed as parameters are passed as an array of Objects and SqlInjection validation is done by Spring JdbcTemplate.
---
 .../portfolio/client/service/ClientReadPlatformServiceImpl.java   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fineract-provider/src/main/java/org/apache/fineract/portfolio/client/service/ClientReadPlatformServiceImpl.java b/fineract-provider/src/main/java/org/apache/fineract/portfolio/client/service/ClientReadPlatformServiceImpl.java
index 2dde52b..1e45cc7 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/portfolio/client/service/ClientReadPlatformServiceImpl.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/portfolio/client/service/ClientReadPlatformServiceImpl.java
@@ -251,7 +251,7 @@ public class ClientReadPlatformServiceImpl implements ClientReadPlatformService
         }
 
         if (externalId != null) {
-        	paramList.add(ApiParameterHelper.sqlEncodeString(externalId));
+        	paramList.add(externalId);
             extraCriteria += " and c.external_id like ? " ;
         }
 
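Review bot: Binding `externalId` as a parameter keeps it from being parsed as SQL, but the predicate is still `like ?`, so any `%` or `_` in the value is treated as a wildcard by the database and the filter can match more than the literal string supplied. The same applies to `firstname` and `lastname` in the next hunk. If an exact match is intended, `extraCriteria += " and c.external_id = ? ";` is the tighter predicate. If pattern matching is intended, a comment such as `// LIKE on purpose: % and _ in the value act as wildcards` would record that; otherwise the metacharacters should be escaped before the value is added to `paramList`. The enclosing method starts and ends outside the hunk, so how `paramList` reaches JdbcTemplate is taken from the commit message, not from the visible lines.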
@@ -262,17 +262,17 @@ public class ClientReadPlatformServiceImpl implements ClientReadPlatformService
         }
 
         if (firstname != null) {
-        	paramList.add(ApiParameterHelper.sqlEncodeString(firstname));
+        	paramList.add(firstname);
             extraCriteria += " and c.firstname like ? " ;
         }
 
         if (lastname != null) {
-        	paramList.add(ApiParameterHelper.sqlEncodeString(lastname));
+        	paramList.add(lastname);
             extraCriteria += " and c.lastname like ? ";
         }
 
         if (searchParameters.isScopedByOfficeHierarchy()) {
-        	paramList.add(ApiParameterHelper.sqlEncodeString(searchParameters.getHierarchy() + "%"));
+        	paramList.add(searchParameters.getHierarchy() + "%");
             extraCriteria += " and o.hierarchy like ? ";
         }