Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2019/05/28 05:15:45 UTC

[GitHub] [fineract] angelboxes opened a new pull request #572: FINERACT-757: Client list retrieval returns empty result when using search parameter

angelboxes opened a new pull request #572: FINERACT-757: Client list retrieval returns empty result when using search parameter
URL: https://github.com/apache/fineract/pull/572
 
 
   ## Description
   While testing the /clients endpoint to search clients using search parameters such as firstName, secondName or externalId, the search gave no results.
   
   Apparently, in the past, queries that required given parameters were built by concatenating strings and SQL injection validation was needed, and the function sqlEncodeString in the class ApiParametersHelper was used for this reason.
   
   The function validated if parameters contained SQL injection but also appended quotation marks to the given parameter. However, parameters are being passed as an object array instead of being appended to the query string, so this validation isn't needed anymore as it's done by the sqlTemplate class used to run the query.
   
   For example: calling sqlEncodeString modified the searchParam "Joe" to "'Joe'", adding quotation marks, and since there are no clients with quotation marks in their name, no clients were found and the result was empty.
   
   ## Checklist
   Please make sure these boxes are checked before submitting your pull request - thanks!
   
   - [ ] Commit message starts with the issue number from https://issues.apache.org/jira/projects/FINERACT/. Ex: FINERACT-646 Pockets API.
   
   - [ ] Coding conventions at https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions have been followed.
   
   - [ ] API documentation at https://github.com/apache/fineract/blob/develop/api-docs/apiLive.htm has been updated with details of any API changes.
   
   - [ ] Integration tests have been created/updated for verifying the changes made.
   
   - [ ] All Integrations tests are passing with the new commits.
   
   - [ ] Submission is not a "code dump".  (Large changes can be made "in repository" via a branch.  Ask on the list.)
   
   Our guidelines for code reviews are at https://cwiki.apache.org/confluence/display/FINERACT/Code+Review+Guide
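
The behaviour described in the pull request can be reproduced outside Fineract. The following is an added example, not code from the pull request or the project: it uses Python's sqlite3 in place of the Java query template, and the `client` table, the sample rows and the `sql_encode_string` stand-in (which only does the quoting part of what the description attributes to sqlEncodeString) are assumptions made for illustration.

```python
import sqlite3

def sql_encode_string(value: str) -> str:
    """Hypothetical stand-in for the legacy helper as the description
    characterises it: wraps the value in single quotes (embedded quotes doubled)."""
    return "'" + value.replace("'", "''") + "'"

def make_db() -> sqlite3.Connection:
    # Constructed sample data, not Fineract's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client (id INTEGER PRIMARY KEY, firstname TEXT)")
    conn.executemany("INSERT INTO client (firstname) VALUES (?)",
                     [("Joe",), ("Ann",), ("O'Neil",)])
    return conn

def search_concatenated(conn, term):
    # Old style: the quoted literal is spliced into the SQL text,
    # so the added quotation marks are consumed by the SQL parser.
    sql = "SELECT firstname FROM client WHERE firstname = " + sql_encode_string(term)
    return [row[0] for row in conn.execute(sql)]

def search_bound(conn, term, encode_first=False):
    # Current style: the value travels separately from the SQL text.
    # With encode_first=True the quotation marks become part of the data.
    value = sql_encode_string(term) if encode_first else term
    sql = "SELECT firstname FROM client WHERE firstname = ?"
    return [row[0] for row in conn.execute(sql, (value,))]

if __name__ == "__main__":
    conn = make_db()
    print(search_concatenated(conn, "Joe"))              # quoting needed here
    print(search_bound(conn, "Joe", encode_first=True))  # the reported empty result
    print(search_bound(conn, "Joe"))                     # the fix: bind the raw value
    print(search_bound(conn, "x' OR '1'='1"))            # bound value stays data
```

With a bound parameter the driver compares the column against the literal string `'Joe'`, quotation marks included, which is why the encoded search matches nothing while the raw value does.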
   
