You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Michael Vorburger (Jira)" <ji...@apache.org> on 2020/09/23 21:30:00 UTC

[jira] [Commented] (FINERACT-1156) SQL injection error with Run Reports

    [ https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17201105#comment-17201105 ] 

Michael Vorburger commented on FINERACT-1156:
---------------------------------------------

https://github.com/apache/fineract/pull/1344

> SQL injection error with Run Reports
> ------------------------------------
>
>                 Key: FINERACT-1156
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1156
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Manthan Surkar
>            Assignee: Manthan Surkar
>            Priority: Major
>             Fix For: 1.5.0
>
>         Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced this issue, this turns out to be a problem with the regex that was designed to accept the report names.
>  !screenshot-1.png! 
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our SQLbuilder module ( I will take this)
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)