Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
As reported by Matt
He faced the SQL injection error while trying to run reports for Active Loans (Pentaho).
After investigating a bit, I found all the report names that had a "(" faced this issue, this turns out to be a problem with the regex that was designed to accept the report names.
Unrelated:
This module has a lot of SQL string concatenation and a good place to use our SQLbuilder module ( I will take this)
Attachments
Attachments
Issue Links
- Blocked
-
FINERACT-1305 Release Apache Fineract v1.5.0
- Resolved
- links to