vorburger commented on a change in pull request #1123:
URL: https://github.com/apache/fineract/pull/1123#discussion_r459150693
##########
File path:
fineract-provider/src/main/java/org/apache/fineract/portfolio/group/service/CenterReadPlatformServiceImpl.java
##########
@@ -122,55 +122,26 @@ public CenterReadPlatformServiceImpl(final
PlatformSecurityContext context, fina
// 'g.' preffix because of ERROR 1052 (23000): Column 'column_name' in
where
// clause is ambiguous
// caused by the same name of columns in m_office and m_group tables
- private String getCenterExtraCriteria(String schemaSl, List<Object>
paramList, final SearchParameters searchCriteria) {
+ private SQLBuilder getCenterExtraCriteria(String schemaSl, final
SearchParameters searchCriteria) {
- StringBuilder extraCriteria = new StringBuilder(200);
- extraCriteria.append(" and g.level_id = " + GroupTypes.CENTER.getId());
+ SQLBuilder extraCriteria = new SQLBuilder();
+ extraCriteria.addCriteria("g.level_id =", GroupTypes.CENTER.getId());
if (searchCriteria != null) {
String sqlQueryCriteria = searchCriteria.getSqlSearch();
if (StringUtils.isNotBlank(sqlQueryCriteria)) {
SQLInjectionValidator.validateSQLInput(sqlQueryCriteria);
sqlQueryCriteria = sqlQueryCriteria.replace(" display_name ",
" g.display_name ");
sqlQueryCriteria = sqlQueryCriteria.replace("display_name ",
"g.display_name ");
- extraCriteria.append(" and
(").append(sqlQueryCriteria).append(") ");
- this.columnValidator.validateSqlInjection(schemaSl,
sqlQueryCriteria);
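Review bot: With the `extraCriteria.append(" and (").append(sqlQueryCriteria).append(") ")` line removed and nothing visible replacing it, the `sqlQueryCriteria` that is still validated and rewritten inside the `StringUtils.isNotBlank` block never reaches the new `SQLBuilder` in the lines shown, so a caller's `sqlSearch` would be accepted and then silently ignored. Either add it to `extraCriteria` and keep the `this.columnValidator.validateSqlInjection(schemaSl, sqlQueryCriteria)` check that is also being dropped, or delete the whole `getSqlSearch()` block so that no dead validation code remains. If the block stays, the second `replace("display_name ", "g.display_name ")` also matches the output of the first one and produces `g.g.display_name`.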
Review comment:
We can't (shouldn't) merge this PR as is, because it will break support
for `sqlSearch`. We need to EITHER support it here, OR (my preference) should
just cleanly remove it altogether - as (now) suggested in
https://issues.apache.org/jira/browse/FINERACT-1095.