This is an automated email from the ASF dual-hosted git repository.
shruthirajaram pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
The following commit(s) were added to refs/heads/develop by this push:
new 40b2427 FINERACT-682: SQL injection impact fixes
new 3c21ae1 Merge pull request #508 from ShruthiRajaram/FINERACT-682
40b2427 is described below
commit 40b24272ed3f6ad7573c07b55b6aa6004b2083e4
Author: ShruthiRajaram <[email protected]>
AuthorDate: Thu Jan 10 12:17:31 2019 +0530
FINERACT-682: SQL injection impact fixes
---
.../infrastructure/dataqueries/service/ReadReportingServiceImpl.java | 1 -
1 file changed, 1 deletion(-)
diff --git
a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
index d83b3c4..6342206 100644
---
a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
+++
b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadReportingServiceImpl.java
@@ -223,7 +223,6 @@ public class ReadReportingServiceImpl implements
ReadReportingService {
final String inputSql = "select " + type + "_sql as the_sql from
stretchy_" + type + " where " + type + "_name = '" + name + "'";
validateReportName(name);
- this.columnValidator.validateSqlInjection(inputSql, name);
final String inputSqlWrapped =
this.genericDataService.wrapSQL(inputSql);
