Bug 869459
Summary: | Topic title search field does not escape apostrophe in search string | ||
---|---|---|---|
Product: | [Community] PressGang CCMS | Reporter: | Joshua Wulf <jwulf> |
Component: | Web-UI | Assignee: | pressgang-ccms-dev |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 1.0 | CC: | lcarlon, lnewson |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-07-02 00:57:58 UTC | Type: | Bug |
Description
Joshua Wulf
2012-10-24 01:23:47 UTC
Fixed in build 20121123-1253.

Cause: The query wasn't using parameter binding to bind the passed values to a query; as such, if you entered any form of HQL you could execute it to some extent (see Bug #837993).

Consequence: If you used certain values in a search, the search would either return unexpected results or throw an exception.

Fix: Ensure that all user-passed parameters are bound using prepared statements. In this case I used the JPA Criteria API to rewrite the backend Query Builders.
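The cause, consequence and fix described in the comment above, as an added example that is not PressGang CCMS code: SQLite stands in for the HQL/JPA backend, and the `topic` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample topics."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE topic (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO topic (title) VALUES (?)",
        [("Installing the server",), ("The user's guide",), ("Release notes",)],
    )
    return db

def search_concatenated(db, text):
    """Unfixed pattern: the search text is pasted into the query string."""
    sql = "SELECT title FROM topic WHERE title LIKE '%" + text + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, text):
    """Fixed pattern: the search text is bound as a parameter, never parsed as query text."""
    sql = "SELECT title FROM topic WHERE title LIKE '%' || ? || '%' ORDER BY id"
    return [row[0] for row in db.execute(sql, (text,))]

def demo():
    """Run both search styles over the same two inputs and collect the outcomes."""
    db = make_db()
    results = {}
    # A plain apostrophe unbalances the string literal, so the query throws.
    try:
        search_concatenated(db, "user's")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "exception"
    # Quote-bearing input is parsed as query syntax and changes the result set.
    quoted = "zzz' OR title LIKE '"
    results["concat_quoted"] = search_concatenated(db, quoted)
    # With binding, both inputs are treated purely as text to match.
    results["bound_apostrophe"] = search_bound(db, "user's")
    results["bound_quoted"] = search_bound(db, quoted)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Binding only stops the input from being parsed as query text; `%` and `_` in the bound value still act as `LIKE` wildcards.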