Bug 837993 - Search Fields can be duped to search for different content using HQL
Search Fields can be duped to search for different content using HQL
Status: CLOSED CURRENTRELEASE
Product: PressGang CCMS
Classification: Community
Component: Web-UI (Show other bugs)
1.x
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lee Newson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-06 00:12 EDT by Lee Newson
Modified: 2013-07-01 19:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-01 19:33:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lee Newson 2012-07-06 00:12:07 EDT
You can enter any HQL into most of the search fields and get custom content. It doesn't appear as though you could do much dmg though as you can't use semicolons in HQL.
Comment 1 Lee Newson 2012-11-22 23:13:36 EST
Fixed in build 20121123-1253.

The backend search now uses the JPA Criteria API to perform all queries. This binds parameters so that they are parsed as a value and won't try and parse the entered values as SQL.

Note You need to log in before you can comment on or make changes to this bug.