thesmallstar opened a new pull request #1159:
URL: https://github.com/apache/fineract/pull/1159
This happened due to
```
if (searchParameters.isOrderByRequested()) {
    sqlBuilder.append(" order by ").append(searchParameters.getOrderBy()).append(' ').append(searchParameters.getSortOrder());
    this.columnValidator.validateSqlInjection(sqlBuilder.toString(),
            searchParameters.getOrderBy(),
            searchParameters.getSortOrder());
}
```
-> Here, we incorrectly checked if OrderBY was not null but did not check if
sortorder was "not null".
Instead of fixing it here, it is better to fix it in the called function
(IMO).
Since the function SQLvalidateinput can be called either from
columnValidator or independently, I have added a check for not null in both
places.
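A null-safe way to build the clause discussed in the pull request above, as an added example that is not part of the pull request or Fineract's code. It swaps in an allowlist for the column and direction instead of Fineract's `columnValidator`; the class, method, table and column names are hypothetical.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration: all names here are hypothetical, not Fineract's.
public class OrderByExample {

    // Appends " order by <column> [ASC|DESC]" only after both inputs are validated.
    // A null or blank sortOrder means "no direction requested"; it is never
    // concatenated (StringBuilder.append writes the text "null" for a null String)
    // and never handed to a validator that would dereference it.
    static void appendOrderBy(StringBuilder sql, String orderBy, String sortOrder,
                              Set<String> allowedColumns) {
        if (orderBy == null || orderBy.isBlank()) {
            return; // no ordering requested
        }
        if (!allowedColumns.contains(orderBy)) {
            throw new IllegalArgumentException("orderBy is not an allowed column");
        }
        String direction = "";
        if (sortOrder != null && !sortOrder.isBlank()) {
            String normalized = sortOrder.trim().toUpperCase(Locale.ROOT);
            if (!normalized.equals("ASC") && !normalized.equals("DESC")) {
                throw new IllegalArgumentException("sortOrder must be ASC or DESC");
            }
            direction = " " + normalized;
        }
        // Only validated values reach the SQL text, and nothing is appended on failure.
        sql.append(" order by ").append(orderBy).append(direction);
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("id", "display_name"); // constructed sample columns

        StringBuilder orderOnly = new StringBuilder("select * from sample_table");
        appendOrderBy(orderOnly, "display_name", null, allowed); // orderBy set, sortOrder null
        System.out.println(orderOnly);

        StringBuilder both = new StringBuilder("select * from sample_table");
        appendOrderBy(both, "id", "desc", allowed);
        System.out.println(both);

        try {
            appendOrderBy(new StringBuilder(), "id", "upwards", allowed); // constructed invalid value
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```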