This is an automated email from the ASF dual-hosted git repository.
lgcareer pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new 9de7d3c [FIX-3573][DAO] potential horizontal unauthorized access
(#3880)
9de7d3c is described below
commit 9de7d3c7725588393b4e90bef28697dda4b20f5d
Author: bao liang <[email protected]>
AuthorDate: Mon Oct 12 10:23:44 2020 +0800
[FIX-3573][DAO] potential horizontal unauthorized access (#3880)
* fix bug[#3573] potential horizontal unauthorized access
* fix bug[#3573] potential horizontal unauthorized access
Co-authored-by: baoliang <[email protected]>
---
.../org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git
a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
index 831c4a9..83864b5 100644
---
a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
+++
b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml
@@ -167,7 +167,7 @@
<select id="queryLastRunningProcess"
resultType="org.apache.dolphinscheduler.dao.entity.ProcessInstance">
select *
from t_ds_process_instance
- where 1=1
+ where process_definition_id=#{processDefinitionId}
<if test="states !=null and states.length != 0">
and state in
<foreach collection="states" item="i" index="index" open="("
separator="," close=")">
@@ -175,7 +175,6 @@
</foreach>
</if>
<if test="startTime!=null and endTime != null ">
- and process_definition_id=#{processDefinitionId}
and (schedule_time <![CDATA[ >= ]]> #{startTime} and schedule_time
<![CDATA[ <= ]]> #{endTime}
or start_time <![CDATA[ >= ]]> #{startTime} and start_time
<![CDATA[ <= ]]> #{endTime})
</if>
