Bug 837993 - Search Fields can be duped to search for different content using HQL
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: PressGang CCMS
Classification: Community
Component: Web-UI
Version: 1.x
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Lee Newson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-07-06 04:12 UTC by Lee Newson
Modified: 2013-07-01 23:33 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-01 23:33:14 UTC
Embargoed:



Description Lee Newson 2012-07-06 04:12:07 UTC
You can enter any HQL into most of the search fields and get custom content. It doesn't appear as though you could do much damage though, as you can't use semicolons in HQL.

Comment 1 Lee Newson 2012-11-23 04:13:36 UTC
Fixed in build 20121123-1253.

The backend search now uses the JPA Criteria API to perform all queries. This binds parameters so that they are parsed as a value and won't try and parse the entered values as SQL.
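The difference between the two query styles, as an added example that is not part of the bug report or PressGang CCMS code: a search field concatenated into HQL text beside the same search built with the JPA Criteria API and a bound parameter. The `Topic` entity, its `title` field, the `TopicSearch` class and the `escapeLike` helper are hypothetical names chosen for illustration.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.ParameterExpression;
import javax.persistence.criteria.Root;

// Hypothetical entity standing in for whatever the search screen queries.
@Entity
class Topic {
    @Id Long id;
    String title;
    protected Topic() {}
}

class TopicSearch {
    private final EntityManager em;

    TopicSearch(EntityManager em) { this.em = em; }

    // Before: the field value becomes part of the HQL text, so the HQL parser
    // treats whatever was typed into the search field as query syntax.
    List<Topic> searchConcatenated(String titleField) {
        String hql = "select t from Topic t where t.title like '%" + titleField + "%'";
        return em.createQuery(hql, Topic.class).getResultList();
    }

    // After: the query shape is fixed by the Criteria API and the field value
    // is supplied as a bound parameter, so it is only ever compared as data.
    List<Topic> searchCriteria(String titleField) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Topic> cq = cb.createQuery(Topic.class);
        Root<Topic> topic = cq.from(Topic.class);
        ParameterExpression<String> pattern = cb.parameter(String.class, "pattern");
        cq.select(topic).where(cb.like(topic.<String>get("title"), pattern, '\\'));

        TypedQuery<Topic> q = em.createQuery(cq);
        q.setParameter("pattern", "%" + escapeLike(titleField) + "%");
        return q.getResultList();
    }

    // LIKE wildcards keep their meaning inside a bound value; escape them so
    // a search for "100%" matches the literal text rather than any suffix.
    static String escapeLike(String s) {
        return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
    }
}
```

Binding removes the query-syntax problem; the wildcard escaping is a separate correctness step that binding alone does not provide.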

