[FINERACT-757] Client list retrieval returns emtpy result when using search parameter - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.0
Component/s: Client
Labels:
None

Description

Client list retrieval while using search parameters returns an empty result.

While testing /clients endpoint to search clients using search parameters such as firstName, secondName or externalId the search gave no results.

Apparently in the past queries that required given paramaters were built concatenating strings and sqlInjection validation was needed and the function sqlEncodeString in the class ApiParametersHelper was used for this reason.

The function validated if parameters contained sqlInjection but also appended quotation marks to the the given parameter, however parameters are being passed as an object array instead of being appended to the query string so this validation isn't needed anymore as it's done by the sqlTemplate class used to run the query.

For example: Calling the sqlEncodeString modified the searchParam "Joe" to "'Joe'" adding quotation marks and since there are no clients with quotation marks in their name no clients were found and the result was empty.

Attachments

Issue Links

is part of

FINERACT-877 Release Apache Fineract v1.3.1

Resolved

links to

GitHub Pull Request #572

Activity

People

Assignee:: Santosh Math

Reporter:: Angel Cajas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/May/19 21:32

Updated:: 25/Aug/20 15:23

Resolved:: 28/May/19 16:53

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m