  1. Apache Fineract
  2. FINERACT-1156

SQL injection error with Run Reports


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0
    • None
    • None

    Description

      As reported by Matt, he faced the SQL injection error while trying to run reports for Active Loans (Pentaho).

      After investigating a bit, I found that all the report names that had a "(" faced this issue; this turns out to be a problem with the regex that was designed to accept the report names.

      Unrelated:
      This module has a lot of SQL string concatenation and is a good place to use our SQLbuilder module (I will take this).

      Attachments

        1. screenshot-1.png
          307 kB
          Manthan Surkar


            People

              manthan Manthan Surkar
              manthan Manthan Surkar
              Votes: 0
              Watchers: 3

              Dates

                Created:
                Updated:
                Resolved:
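
The failure described in this issue, shown as an added example that is not part of the original report and is not Fineract's code: an allowlist regex that omits parentheses rejects a legitimate report name as an injection attempt, while a corrected allowlist combined with a bound query parameter accepts it safely. The two patterns, the `report` table, and all function names are hypothetical; Python with an in-memory SQLite database stands in for the Java module and its database.

```python
import re
import sqlite3

# Hypothetical patterns, not Fineract's actual regex.
# STRICT_NAME omits parentheses, so a legitimate name such as
# "Active Loans (Pentaho)" is flagged as an injection attempt.
STRICT_NAME = re.compile(r"[A-Za-z0-9 _]{1,100}")
# RELAXED_NAME also accepts "(" and ")" but still excludes
# quotes and semicolons.
RELAXED_NAME = re.compile(r"[A-Za-z0-9 _()]{1,100}")


class SqlInjectionError(ValueError):
    """Raised when a report name fails the allowlist check."""


def validate_report_name(name, pattern=RELAXED_NAME):
    """Return name unchanged if the whole string matches the allowlist."""
    if not pattern.fullmatch(name):
        raise SqlInjectionError(f"rejected report name: {name!r}")
    return name


def is_rejected(name, pattern):
    """True when the given allowlist pattern refuses the name."""
    try:
        validate_report_name(name, pattern)
        return False
    except SqlInjectionError:
        return True


def make_demo_db():
    """Build a constructed in-memory table holding two sample report names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE report (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO report (name) VALUES (?)",
                     [("Active Loans (Pentaho)",), ("Client Listing",)])
    return conn


def find_report_id(conn, name):
    """Validate the name, then look it up with a bound parameter
    instead of concatenating it into the SQL string."""
    validate_report_name(name)
    row = conn.execute("SELECT id FROM report WHERE name = ?",
                       (name,)).fetchone()
    return row[0] if row else None
```

With the bound parameter in place, the allowlist is a second layer of input checking and not the only barrier, so widening it to cover real report names does not reopen the query to injection.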