  1. Magnolia UI
  2. MGNLUI-2581

Search queries not escaped in SearchJcrContainer


Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • 5.2
    • workbench
    • None

    Description

      Searching for something containing a ' in a list view generates an exception, as user input isn't escaped.

      Log output:

      2014-01-14 16:33:18,729 WARN gnolia.ui.workbench.container.AbstractJcrContainer: Could not update size with statement: select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ): javax.jcr.query.InvalidQueryException: Query:
      select * from [nt:base] as t where ( ISDESCENDANTNODE('/articles') and ([jcr:primaryType] = 'mgnl:page') and (lower(localname()) LIKE 'sadf asd'%' or t.['sadf asd''] IS NOT NULL or contains(t.*, 'sadf asd')) ); expected: )
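
The statement in the log fails because the ' in the search term ends the string literal early. The following added example (not Magnolia's code; the class and method names are hypothetical) applies JCR-SQL2 literal and LIKE-pattern escaping to the same term. It covers only the LIKE and contains() literals and leaves out the bracketed property-name clause.

```java
// Added example, not Magnolia code: class and method names are hypothetical.
public final class Sql2Escaping {

    /** Quote a value as a JCR-SQL2 string literal: a single quote is written as two. */
    static String literal(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    /** Build a prefix LIKE pattern; backslash escapes the wildcards % and _ and itself. */
    static String likePrefix(String term) {
        String escaped = term.replace("\\", "\\\\")
                             .replace("%", "\\%")
                             .replace("_", "\\_");
        // Wildcards are escaped first, then the whole pattern is quoted as a literal.
        return literal(escaped + "%");
    }

    /**
     * Where-clause fragment modelled on the statement in the log.
     * literal() only handles the SQL-level quoting; the full-text expression
     * inside contains() has its own syntax, which is not treated here.
     */
    static String searchClause(String term) {
        return "(lower(localname()) LIKE " + likePrefix(term)
             + " or contains(t.*, " + literal(term) + "))";
    }

    public static void main(String[] args) {
        String term = "sadf asd'"; // the search term from the log, trailing quote included
        System.out.println(searchClause(term));
    }
}
```

Where the value does not need to be spliced into the statement text at all, JCR 2.0 bind variables (`$name` in the statement, set with `Query.bindValue`) avoid literal quoting entirely.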

            People

              Unassigned Unassigned
              coudy Michal Čudrnák