  1. Apache Fineract
  2. FINERACT-1156

SQL injection error with Run Reports


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      As reported by Matt: he faced the SQL injection error while trying to run reports for Active Loans (Pentaho).

      After investigating a bit, I found that all the report names that had a "(" faced this issue; this turns out to be a problem with the regex that was designed to accept the report names.

      Unrelated:
      This module has a lot of SQL string concatenation and is a good place to use our SQLbuilder module (I will take this).

        Attachments

        1. screenshot-1.png
          307 kB
          Manthan Surkar


              People

              • Assignee:
                manthan Manthan Surkar
                Reporter:
                manthan Manthan Surkar

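An added example, not Fineract's code: a name-validation regex used as the injection guard in front of concatenated SQL rejects a legitimate report name containing "(", while a lookup with a bound parameter accepts it and still treats a quote-bearing name as plain data. The pattern `STRICT_NAME`, the table layout and the sample rows are assumptions (the issue does not show the actual regex), and SQLite stands in for the real database.

```python
import re
import sqlite3

# Hypothetical allow-list, NOT Fineract's actual pattern:
# letters, digits, space, underscore and hyphen only.
STRICT_NAME = re.compile(r"^[A-Za-z0-9 _-]+$")


def build_db():
    """In-memory stand-in for a report registry (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE report (name TEXT PRIMARY KEY, report_sql TEXT)")
    db.executemany(
        "INSERT INTO report VALUES (?, ?)",
        [("Active Loans (Pentaho)", "select 1"), ("Client Listing", "select 2")],
    )
    return db


def lookup_concat(db, name):
    """Regex gate plus string concatenation: the pattern is the only defence,
    so it has to be strict, and strict patterns reject valid names."""
    if not STRICT_NAME.match(name):
        raise ValueError("possible SQL injection: " + name)
    query = "SELECT report_sql FROM report WHERE name = '" + name + "'"
    return db.execute(query).fetchone()


def lookup_bound(db, name):
    """Bound parameter: the driver passes the name as data, never as SQL,
    so no character in the name needs to be rejected."""
    return db.execute(
        "SELECT report_sql FROM report WHERE name = ?", (name,)
    ).fetchone()


def compare(db, name):
    """Return (concat_result, bound_result); 'rejected' marks a validation error."""
    try:
        concat = lookup_concat(db, name)
    except ValueError:
        concat = "rejected"
    return concat, lookup_bound(db, name)


if __name__ == "__main__":
    db = build_db()
    for n in ("Active Loans (Pentaho)", "Client Listing", "x' OR '1'='1"):
        print(repr(n), "->", compare(db, n))
```

Widening the regex to admit "(" fixes the false positive but keeps the query's safety tied to the pattern; binding the value removes that dependency.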