[MGNLREST-125] Parameter of filtering/searching should be sql2 encoded
Created: 10/Oct/17  Updated: 27/Oct/17  Resolved: 26/Oct/17

Status: Closed
Project: Magnolia REST Framework
Component/s: None
Affects Version/s: None
Fix Version/s: 2.0

Type: Bug
Priority: Neutral
Reporter: Sang Ngo Huu
Assignee: Hieu Nguyen Duc
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 3d 1.5h
Original Estimate: 2d

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: REST Queries
Sprint: Saigon 118, Saigon 119
Story Points: 3

 Description   

If I pass a part of a query in a parameter such as ?mgnl:template=travel-demo:pages/a' or [mgnl:template]='travel-demo:pages/home' and [mgnl:template]='travel-demo:pages/home in the filtering endpoint, the query string is generated properly. So the parameter should be encoded in filtering/searching. Notice the ' (single quote).

In log:
INFO  info.magnolia.rest.delivery.jcr.QueryBuilder      : SQL statement is SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND (t.[mgnl:template] = 'travel-demo:pages/a' OR t.[mgnl:template] = 'travel-demo:pages/home' AND t.[mgnl:template] = 'travel-demo:pages/home') ORDER BY LOWER(NAME(t))

Sample URL:
http://localhost:8080/magnoliaAuthor/.rest/delivery/website/v1?mgnl:template=travel-demo:pages/a%27%20or%20[mgnl:template]=%27travel-demo:pages/home%27%20and%20[mgnl:template]=%27travel-demo:pages/home



 Comments   
Comment by Dai Ha [ 27/Oct/17 ]

verify with bundle magnolia-enterprise-pro-demo-bundle-5.6-20171026.155703-186-tomcat-bundle.zip
query before the fix:

SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND t.[mgnl:template] = 'travel-demo:pages/a'' or [mgnl:template]=''travel-demo:pages/home'' and [mgnl:template]=''travel-demo:pages/home' ORDER BY LOWER(NAME(t))

query after the fix:

SELECT t.* FROM [nt:base] AS t WHERE (t.[jcr:primaryType] = 'mgnl:page' OR t.[jcr:primaryType] = 'mgnl:area' OR t.[jcr:primaryType] = 'mgnl:component') AND (t.[mgnl:template] = 'travel-demo:pages/a' OR t.[mgnl:template] = 'travel-demo:pages/home' AND t.[mgnl:template] = 'travel-demo:pages/home') ORDER BY LOWER(NAME(t))
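
Added example, not part of the ticket or of Magnolia's code: how the mgnl:template value from the sample URL behaves when pasted raw into a JCR-SQL2 condition versus when its single quotes are doubled, with a small scanner that counts the resulting string literals. It goes slightly beyond the ticket by also checking the property name before it is placed in brackets. The class, method names and the property-name pattern are assumptions made for this illustration.

```java
import java.util.regex.Pattern;

public class Sql2LiteralDemo {
    // Assumption: property names follow a conservative "prefix:name" shape.
    static final Pattern PROPERTY = Pattern.compile("[A-Za-z_][\\w.-]*(:[A-Za-z_][\\w.-]*)?");

    // Naive form: the raw parameter value is pasted between the quotes.
    static String naiveCondition(String property, String value) {
        return "t.[" + property + "] = '" + value + "'";
    }

    // Encoded form: a JCR-SQL2 string literal escapes ' by doubling it.
    static String encodedCondition(String property, String value) {
        if (!PROPERTY.matcher(property).matches()) {
            throw new IllegalArgumentException("unexpected property name: " + property);
        }
        return "t.[" + property + "] = '" + value.replace("'", "''") + "'";
    }

    // Counts string literals in a condition, treating '' inside a literal as an escaped quote.
    static int countLiterals(String sql) {
        int count = 0;
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            if (sql.charAt(i) != '\'') continue;
            if (inLiteral && i + 1 < sql.length() && sql.charAt(i + 1) == '\'') {
                i++;                      // escaped quote, still inside the literal
            } else {
                if (inLiteral) count++;   // closing quote ends one literal
                inLiteral = !inLiteral;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // mgnl:template value from the ticket's sample URL, URL-decoded.
        String value = "travel-demo:pages/a' or [mgnl:template]='travel-demo:pages/home'"
                + " and [mgnl:template]='travel-demo:pages/home";
        String naive = naiveCondition("mgnl:template", value);
        String encoded = encodedCondition("mgnl:template", value);
        System.out.println(countLiterals(naive) + " literals: " + naive);
        System.out.println(countLiterals(encoded) + " literal:  " + encoded);
    }
}
```

A single filter parameter should always yield exactly one literal; a higher count means the value has closed its own quotes and contributed query syntax.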