Details
Bug
Resolution: Obsolete
Major
None
5.2
None
Description
Searching for something containing a ' in a list view generates an exception, as user data input isn't escaped.
Log output:
2014-01-14 16:33:18,729 WARN gnolia.ui.workbench.container.AbstractJcrContainer: Could not update size with statement: select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ): javax.jcr.query.InvalidQueryException: Query:
select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%
' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ); expected: )
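The failing LIKE clause from the log, rebuilt next to an escaped form, as an added example that is not Magnolia's own code. The class and method names are hypothetical; it assumes the JCR-SQL2 rules that a single quote inside a string literal is written doubled and that a backslash escapes `%`, `_` and `\` in a LIKE pattern.

```java
import java.util.Locale;

public class JcrLikeEscaping {

    // Constructed input matching the ticket's log: the user typed  sadf asd'
    static final String TERM = "sadf asd'";

    /** Escape a value for use inside a JCR-SQL2 single-quoted string literal. */
    static String escapeLiteral(String value) {
        return value.replace("'", "''");
    }

    /** Make LIKE metacharacters match literally, then escape the quotes. */
    static String escapeLikePattern(String value) {
        String pattern = value.replace("\\", "\\\\")
                              .replace("%", "\\%")
                              .replace("_", "\\_");
        return escapeLiteral(pattern);
    }

    /** The clause as it appears in the log: input concatenated unescaped. */
    static String unescapedClause(String term) {
        return "lower(localname()) LIKE '" + term.toLowerCase(Locale.ROOT) + "%'";
    }

    /** The same clause with the search term escaped before concatenation. */
    static String escapedClause(String term) {
        return "lower(localname()) LIKE '"
                + escapeLikePattern(term.toLowerCase(Locale.ROOT)) + "%'";
    }

    /** Crude sanity check: an odd number of quotes means a literal is left open. */
    static boolean quotesBalanced(String clause) {
        return clause.chars().filter(c -> c == '\'').count() % 2 == 0;
    }

    public static void main(String[] args) {
        String before = unescapedClause(TERM);
        String after = escapedClause(TERM);
        System.out.println(before + "   balanced=" + quotesBalanced(before));
        System.out.println(after + "   balanced=" + quotesBalanced(after));
        // Where the query API allows it, javax.jcr.query.Query.bindValue with a
        // $variable keeps user input out of the statement text entirely.
    }
}
```

In the logged statement the property-name fragment `t.['sadf asd'']` already carries a doubled quote, so the unescaped LIKE literal is the part the parser rejects.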