[
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292484#comment-17292484
]
Aleksandar Vidakovic commented on FINERACT-1156:
------------------------------------------------
[~manthan] [~vorburger] can we close this one? Seems the PR was already merged
a long time ago.
> SQL injection error with Run Reports
> ------------------------------------
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
> Issue Type: Bug
> Reporter: Manthan Surkar
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.5.0
>
> Attachments: screenshot-1.png
>
>
> As reported by Matt
> He faced the SQL injection error while trying to run reports for Active Loans
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced
> this issue, this turns out to be a problem with the regex that was designed
> to accept the report names.
> !screenshot-1.png!
> Unrelated:
> This module has a lot of SQL string concatenation and a good place to use our
> SQLbuilder module ( I will take this)
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
