[ https://issues.apache.org/jira/browse/FINERACT-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vishwas Babu A J updated FINERACT-757:
--------------------------------------
Priority: Critical (was: Major)
> Client list retrieval returns empty result when using search parameter
> ----------------------------------------------------------------------
>
> Key: FINERACT-757
> URL: https://issues.apache.org/jira/browse/FINERACT-757
> Project: Apache Fineract
> Issue Type: Bug
> Components: Client
> Reporter: Angel Cajas
> Assignee: Santosh Math
> Priority: Critical
> Fix For: 1.4.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Client list retrieval while using search parameters returns an empty result.
> While testing /clients endpoint to search clients using search parameters
> such as firstName, secondName or externalId the search gave no results.
> Apparently in the past queries that required given parameters were built
> concatenating strings and sqlInjection validation was needed and the function
> sqlEncodeString in the class ApiParametersHelper was used for this reason.
> The function validated if parameters contained sqlInjection but also appended
> quotation marks to the given parameter, however parameters are being
> passed as an object array instead of being appended to the query string so
> this validation isn't needed anymore as it's done by the sqlTemplate class
> used to run the query.
> For example: Calling the sqlEncodeString modified the searchParam "Joe" to
> "'Joe'" adding quotation marks and since there are no clients with quotation
> marks in their name no clients were found and the result was empty.
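The failure described in the issue, reproduced as an added example that is not Fineract code: Python's sqlite3 stands in for the Java query template, and `sql_encode_string`, the `client` table and its rows are hypothetical stand-ins constructed here.

```python
import sqlite3


def sql_encode_string(value):
    # Hypothetical stand-in for the legacy helper: quote the value so it can
    # be concatenated into SQL text (embedded single quotes are doubled).
    return "'" + value.replace("'", "''") + "'"


def make_db():
    # Constructed sample table and rows, not Fineract's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client (firstname TEXT, external_id TEXT)")
    db.executemany("INSERT INTO client VALUES (?, ?)",
                   [("Joe", "EXT-1"), ("Ann", "EXT-2")])
    return db


def search_concatenated(db, name):
    # Old style: the helper's quotes become the SQL string-literal delimiters.
    sql = "SELECT firstname FROM client WHERE firstname = " + sql_encode_string(name)
    return [row[0] for row in db.execute(sql)]


def search_bound_encoded(db, name):
    # The reported bug: the value is still encoded but is now a bind
    # parameter, so the quotes are data and the comparison is against 'Joe'
    # including the quote characters.
    sql = "SELECT firstname FROM client WHERE firstname = ?"
    return [row[0] for row in db.execute(sql, (sql_encode_string(name),))]


def search_bound(db, name):
    # Fixed: bind the raw value; the driver keeps it out of the SQL text.
    sql = "SELECT firstname FROM client WHERE firstname = ?"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    print(search_concatenated(db, "Joe"))
    print(search_bound_encoded(db, "Joe"))
    print(search_bound(db, "Joe"))
    print(search_bound(db, "x' OR '1'='1"))
```

The last call binds a quote-bearing value and returns no rows, because the bound string is compared as data rather than parsed as SQL.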