IDEMPIERE-68 Current record could disappear after executing a button - Fix security issue reported by jdcs

Carlos Ruiz 2012-04-05 13:37:42 -05:00
parent 7b08667d3f
commit 1ed38faaf8
1 changed files with 3 additions and 2 deletions


@ -351,7 +351,7 @@ public class GridTable extends AbstractTableModel
// WHERE // WHERE
if (m_whereClause.length() > 0) if (m_whereClause.length() > 0)
{ {
where.append(" WHERE "); where.append(" WHERE (");
if (m_whereClause.indexOf('@') == -1) if (m_whereClause.indexOf('@') == -1)
where.append(m_whereClause); where.append(m_whereClause);
else // replace variables else // replace variables
@ -367,6 +367,7 @@ public class GridTable extends AbstractTableModel
where.append(" 1 = 2 "); where.append(" 1 = 2 ");
} }
} }
where.append(")");
} }
if (m_onlyCurrentRows && m_TabNo == 0) if (m_onlyCurrentRows && m_TabNo == 0)
{ {
@ -2847,7 +2848,7 @@ public class GridTable extends AbstractTableModel
String whereClause = m_whereClause; String whereClause = m_whereClause;
if (m_whereClause != null && m_whereClause.trim().length() > 0) if (m_whereClause != null && m_whereClause.trim().length() > 0)
{ {
m_whereClause = "(" + m_whereClause + ") OR (" + retainedWhere + ") "; m_whereClause = "((" + m_whereClause + ") OR (" + retainedWhere + ")) ";
} }
open(m_maxRows); open(m_maxRows);
m_whereClause = whereClause; m_whereClause = whereClause;
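Review bot: In the last hunk (new line 2848 onward) `m_whereClause` is temporarily widened with `OR (retainedWhere)` and restored only after `open(m_maxRows)` returns, so if `open` throws, the broadened filter would stay in the field and later queries would run with it. Making the restore unconditional closes that gap: `try { open(m_maxRows); } finally { m_whereClause = whereClause; }`. Separately, the parentheses added in the first two hunks fix operator precedence for a clause that contains a top-level `OR`, but they do not make the string concatenation safe, because a clause carrying an unbalanced `)` or a SQL comment marker would still leave the group. A comment at `where.append(" WHERE (")` such as `// m_whereClause must come from trusted tab/window definitions only; the parentheses guard precedence, not injection` would record that assumption. The enclosing methods start and end outside the visible hunks, so whether a surrounding handler already restores the field cannot be confirmed from here.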