[
https://issues.apache.org/jira/browse/SLING-8413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16837296#comment-16837296
]
Thomas Mueller commented on SLING-8413:
---------------------------------------
A possible patch (without test case):
{noformat}
diff --git a/src/main/java/org/apache/sling/event/impl/jobs/JobManagerImpl.java
b/src/main/java/org/apache/sling/event/impl/jobs/JobManagerImpl.java
index 91aae3b..1ca7c0f 100644
--- a/src/main/java/org/apache/sling/event/impl/jobs/JobManagerImpl.java
+++ b/src/main/java/org/apache/sling/event/impl/jobs/JobManagerImpl.java
@@ -27,6 +27,7 @@ import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import org.apache.jackrabbit.util.ISO9075;
import org.apache.sling.api.resource.LoginException;
@@ -394,7 +395,7 @@ public class JobManagerImpl
buf.append(ISO9075.encode(ResourceHelper.PROPERTY_JOB_TOPIC));
if (topic != null) {
buf.append(" = '");
- buf.append(topic);
+ buf.append(topic.replaceAll("'", "''"));
buf.append("'");
}
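Review bot: on the added `buf.append(topic.replaceAll("'", "''"));` line, `replaceAll` treats its first argument as a regular expression, which is unnecessary for a literal quote; `topic.replace("'", "''")` performs the same substitution as plain text. The same escaping expression appears again in the hunk at line 502, so a small private helper that doubles single quotes would keep both call sites identical and give a single place to test.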
@@ -502,7 +503,8 @@ public class JobManagerImpl
case GREATER_OR_EQUALS : buf.append(">="); break;
}
buf.append(" '");
- buf.append(current.getValue());
+ String value = Objects.toString(current.getValue());
+ buf.append(value.replaceAll("'", "''"));
buf.append("'");
}
buf.append(')');
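Review bot: in `String value = Objects.toString(current.getValue());`, a null value becomes the literal string "null", so the generated condition compares the property against 'null' rather than being rejected or skipped; handle the null case explicitly if that comparison is not intended. The comment introducing the patch says it comes without a test case, so a test that passes a value containing a single quote through this branch, and one for the topic branch, should accompany the change.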
{noformat}
> JobManagerImpl.findJobs does not escape some values when running queries
> ------------------------------------------------------------------------
>
> Key: SLING-8413
> URL: https://issues.apache.org/jira/browse/SLING-8413
> Project: Sling
> Issue Type: Bug
> Components: Event
> Reporter: Thomas Mueller
> Priority: Major
>
> For SLING-8407 [~egli] found that JobManagerImpl.findJobs doesn't escape some
> values when building a JCR query. Values need to be escaped.