![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Affects Versions:
|
5.2 |
|
Assignee:
|
Unassigned |
|
Components:
|
workbench |
|
Created:
|
14/Jan/14 5:50 PM
|
|
Description:
|
Search for something containing a ' in a list view generates an exception as user data input isn't escaped.
Log output:
2014-01-14 16:33:18,729 WARN gnolia.ui.workbench.container.AbstractJcrContainer: Could not update size with statement: select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ): javax.jcr.query.InvalidQueryException: Query:
select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%![]() ' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ); expected: )
|
|
Project:
|
Magnolia UI
|
|
Priority:
|
![Major]() Major
|
|
Reporter:
|
Michal Čudrnák
|
|
Security Level:
|
Public |
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <
[email protected]>
----------------------------------------------------------------
