You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Joseph Irungu (Jira)" <ji...@apache.org> on 2021/05/01 05:06:00 UTC
[jira] [Commented] (FINERACT-1338) SQL Injection - While
"runreports" api is trying to load report parameters
[ https://issues.apache.org/jira/browse/FINERACT-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17337723#comment-17337723 ]
Joseph Irungu commented on FINERACT-1338:
-----------------------------------------
Hi,
As per code review comments on PR
https://github.com/apache/fineract/pull/1671
We agreed to create a separate pull request for run reports bug. So it was
removed from FINERACT-854
See FINERACT-1345 Pull Request https://github.com/apache/fineract/pull/1693
PR # 1693 <https://github.com/apache/fineract/pull/1693> is pending one
reviewer. So the fix for run reports error hasn't arrived in the main
branch yet.
On Fri, Apr 30, 2021 at 10:28 PM Francis Guchie (Jira) <ji...@apache.org>
--
mak
> SQL Injection - While "runreports" api is trying to load report parameters
> --------------------------------------------------------------------------
>
> Key: FINERACT-1338
> URL: https://issues.apache.org/jira/browse/FINERACT-1338
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Francis Guchie
> Assignee: Francis Guchie
> Priority: Major
> Attachments: image-2021-03-31-15-53-00-571.png, image-2021-04-04-15-56-40-189.png
>
>
> After solving the error at FINERACT-1336 a new error shows up.
> while api - runreports
> fineract-provider/api/v1/runreports/OfficeIdSelectOne?parameterType=true
> is spooling the report parameters, user will not see any error on the UI
> !image-2021-03-31-15-53-00-571.png!
> but looking through the console OR postman you see error below
> {
> "developerMessage": "The request was invalid. This typically will happen due to validation errors which are provided.",
> "httpStatusCode": "400",
> "defaultUserMessage": "Unexpected SQL Commands found",
> *"userMessageGlobalisationCode": "error.msg.found.sql.injection"*
> }
--
This message was sent by Atlassian Jira
(v8.3.4#803005)