[ 1686876 ] ValuePreference class: SQL Injection

http://sourceforge.net/tracker/index.php?func=detail&aid=1686876&group_id=176962&atid=879332
teo_sarca 2007-03-23 15:39:19 +00:00
parent eb78424ef6
commit a193de0152
1 changed files with 1 additions and 1 deletions


@ -475,7 +475,7 @@ public class ValuePreference extends CDialog
else
sql.append("NULL,");
//
sql.append("'").append(m_Attribute).append("','").append(m_Value).append("')");
sql.append(DB.TO_STRING(m_Attribute)).append(",").append(DB.TO_STRING(m_Value)).append(")");
//
log.fine( sql.toString());
no = DB.executeUpdate(sql.toString(), null);
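Review bot: The new `sql.append(DB.TO_STRING(m_Attribute))...` line still assembles the INSERT by string concatenation, so its safety now rests entirely on DB.TO_STRING quoting every special character in m_Attribute and m_Value; if the project's DB helper offers an executeUpdate overload that accepts bound parameters, passing both values as `?` placeholders would remove that dependence on escaping altogether. The enclosing method starts and ends outside the hunk, and the `else sql.append("NULL,");` context implies further columns are appended above this hunk, which should be checked for the same raw-concatenation pattern. `log.fine(sql.toString());` on the following line writes the complete statement, including the preference value, to the log; if m_Value can ever carry sensitive content, logging only the attribute name would be the safer choice.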