[MGNLREST-125] Parameter of filtering/searching should be sql2 encoded Created: 10/Oct/17 Updated: 27/Oct/17 Resolved: 26/Oct/17 |
|
| Status: | Closed |
| Project: | Magnolia REST Framework |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 2.0 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Sang Ngo Huu | Assignee: | Hieu Nguyen Duc |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 0d | ||
| Time Spent: | 3d 1.5h | ||
| Original Estimate: | 2d | ||
| Date of First Response: | |
| Epic Link: | REST Queries |
| Sprint: | Saigon 118, Saigon 119 |
| Story Points: | 3 |
| Description |
|
If I pass a part of query in parameter such as

?mgnl:template=travel-demo:pages/a' or [mgnl:template]='travel-demo:pages/home' and [mgnl:template]='travel-demo:pages/home

in filtering endpoint, the query string is generated property. So the parameter should be encoded in filtering/searching. Notice the (single quote)

In log:

INFO info.magnolia.rest.delivery.jcr.QueryBuilder : SQL statement is SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND (t.[mgnl:template] = 'travel-demo:pages/a' OR t.[mgnl:template] = 'travel-demo:pages/home' AND t.[mgnl:template] = 'travel-demo:pages/home') ORDER BY LOWER(NAME(t)) |
| Comments |
| Comment by Dai Ha [ 27/Oct/17 ] |
|
verify with bundle magnolia-enterprise-pro-demo-bundle-5.6-20171026.155703-186-tomcat-bundle.zip

SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND t.[mgnl:template] = 'travel-demo:pages/a'' or [mgnl:template]=''travel-demo:pages/home'' and [mgnl:template]=''travel-demo:pages/home' ORDER BY LOWER(NAME(t))

query after the fix:

SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND (t.[mgnl:template] = 'travel-demo:pages/a' OR t.[mgnl:template] = 'travel-demo:pages/home' AND t.[mgnl:template] = 'travel-demo:pages/home') ORDER BY LOWER(NAME(t)) |
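
The quoting difference between the two statements on this ticket, as an added example (not Magnolia's code; the class and method names are hypothetical): the parameter value from the description is placed in a JCR-SQL2 string literal with and without doubling its single quotes, and a small scanner reports which text ends up outside any literal.

```java
// Added illustration; names are hypothetical and this is not Magnolia's QueryBuilder.
public class Sql2LiteralDemo {

    /** Escape a value for a JCR-SQL2 single-quoted literal: a quote is written as two quotes. */
    static String escapeLiteral(String value) {
        return value.replace("'", "''");
    }

    /** Unescaped form: the raw parameter value is concatenated into the condition. */
    static String rawCondition(String property, String value) {
        return "t.[" + property + "] = '" + value + "'";
    }

    /** Escaped form: the value stays one literal whatever characters it contains. */
    static String escapedCondition(String property, String value) {
        return "t.[" + property + "] = '" + escapeLiteral(value) + "'";
    }

    /** Return the parts of a condition that lie outside string literals (the query structure). */
    static String outsideLiterals(String sql) {
        StringBuilder out = new StringBuilder();
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c != '\'') {
                if (!inLiteral) out.append(c);
            } else if (inLiteral && i + 1 < sql.length() && sql.charAt(i + 1) == '\'') {
                i++; // doubled quote: an escaped quote, still inside the literal
            } else {
                inLiteral = !inLiteral; // opening or closing quote
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Parameter value quoted in the ticket description.
        String value = "travel-demo:pages/a' or [mgnl:template]='travel-demo:pages/home'"
                + " and [mgnl:template]='travel-demo:pages/home";

        String raw = rawCondition("mgnl:template", value);
        String escaped = escapedCondition("mgnl:template", value);

        // Raw: the value's own "or"/"and" comparisons appear as query structure.
        System.out.println(raw + "\n  structure: " + outsideLiterals(raw));
        // Escaped: only the single intended comparison remains outside the literal.
        System.out.println(escaped + "\n  structure: " + outsideLiterals(escaped));
    }
}
```

The escaped condition matches the statement in the comment that contains doubled quotes; only the literal value is handled here, not the property name taken from the parameter key.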