[ https://issues.apache.org/jira/browse/FINERACT-757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17184124#comment-17184124 ]

Michael Vorburger commented on FINERACT-757:
--------------------------------------------

Oh yes, indeed 
[https://github.com/apache/fineract/commit/82568d93bf8234e377dc197b3b3d91bf558a2a45]
 shows that this IS on develop (and thus 1.4.0)... all good, sorry for the 
confusion!

> Client list retrieval returns empty result when using search parameter
> ----------------------------------------------------------------------
>
>                 Key: FINERACT-757
>                 URL: https://issues.apache.org/jira/browse/FINERACT-757
>             Project: Apache Fineract
>          Issue Type: Bug
>          Components: Client
>            Reporter: Angel Cajas
>            Assignee: Santosh Math
>            Priority: Critical
>             Fix For: 1.4.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Client list retrieval while using search parameters returns an empty result.
> While testing /clients endpoint to search clients using search parameters 
> such as firstName, secondName or externalId the search gave no results.
> Apparently in the past queries that required given parameters were built 
> concatenating strings and sqlInjection validation was needed and the function 
> sqlEncodeString in the class ApiParametersHelper was used for this reason.
> The function validated if parameters contained sqlInjection but also appended 
> quotation marks to the given parameter, however parameters are being 
> passed as an object array instead of being appended to the query string so 
> this validation isn't needed anymore as it's done by the sqlTemplate class 
> used to run the query.
> For example: Calling the sqlEncodeString modified the searchParam "Joe" to 
> "'Joe'" adding quotation marks and since there are no clients with quotation 
> marks in their name no clients were found and the result was empty.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
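
The failure mode described in the issue, reproduced as an added example (not Fineract code): Python's `sqlite3` stands in for the Java query template, and `sql_encode_string`, the `client` table and its rows are hypothetical, constructed for illustration. It shows that quoting is only needed for concatenated SQL, and that quoting a value before binding it makes the quotes part of the data.

```python
import sqlite3


def sql_encode_string(value: str) -> str:
    # Hypothetical stand-in for the helper described in the issue: wraps the
    # value in single quotes (doubling embedded quotes) for concatenated SQL.
    return "'" + value.replace("'", "''") + "'"


def make_db() -> sqlite3.Connection:
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client (id INTEGER PRIMARY KEY, first_name TEXT)")
    db.executemany("INSERT INTO client (first_name) VALUES (?)",
                   [("Joe",), ("O'Brien",), ("Ann",)])
    return db


def search_concatenated(db, name):
    # Legacy style: the value is spliced into the SQL text, so it must be quoted.
    sql = "SELECT first_name FROM client WHERE first_name = " + sql_encode_string(name)
    return [row[0] for row in db.execute(sql)]


def search_bound_after_encoding(db, name):
    # The bug: the value is quoted AND bound, so the driver compares the
    # column against the literal text 'Joe' including the quote characters.
    sql = "SELECT first_name FROM client WHERE first_name = ?"
    return [row[0] for row in db.execute(sql, (sql_encode_string(name),))]


def search_bound(db, name):
    # The fix: bind the raw value; the driver keeps it separate from the SQL text.
    sql = "SELECT first_name FROM client WHERE first_name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated + quoted:", search_concatenated(db, "Joe"))
    print("bound + quoted (bug): ", search_bound_after_encoding(db, "Joe"))
    print("bound, raw (fix):     ", search_bound(db, "Joe"))
    # A value containing quote characters is matched as plain data when bound.
    print("bound, quote in value:", search_bound(db, "O'Brien"))
    print("bound, SQL-like text: ", search_bound(db, "Joe' OR '1'='1"))
```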