ezolnbl-dpc commented on code in PR #2659:
URL: https://github.com/apache/fineract/pull/2659#discussion_r994873701
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java:
##########
@@ -35,7 +35,7 @@ private SQLInjectionValidator() {
private static final String[] COMMENTS = { "--", "({", "/*", "#" };
- private static final String SQL_PATTERN = "[a-zA-Z_=,\\-'!><.?\"`%
()0-9*\n\r]*";
+ private static final String SQL_PATTERN = "[a-zA-Z_=,\\-:'!><.?\"`%
()0-9*\n\r]*";
Review Comment:
I don't want to touch it, the function needs it. If you want to search for a
date like this: 2100-12-12 20:20:20. The current implementation will treat it
as SQL injection however it is not. I will write some testcases for it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
