Nuxeo Platform / NXP-12916

Fix STARTSWITH '%s' bad escaping

      Description

      See NXP-12672 for the base ticket. Some code does:

      String nxql = String.format("... STARTSWITH '%s'...", ..., path, ...);
      

      where the path is not escaped. For safety this should be:

      String nxql = String.format("... STARTSWITH %s ...", ..., NXQL.escapeString(path), ...);
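
The difference between the two patterns above, as an added example that is not code from the ticket or from Nuxeo. The query text, the sample paths, and the helpers `quoteLiteral` (a stand-in assumed to behave like `NXQL.escapeString`: it returns the value already single-quoted and backslash-escaped) and `literalAfterStartsWith` are constructed for illustration.

```java
public class StartsWithEscaping {
    // Stand-in for NXQL.escapeString so this runs without Nuxeo on the classpath.
    // Assumption: like the real method, it returns the value already wrapped in
    // single quotes, with backslashes and quotes backslash-escaped.
    static String quoteLiteral(String s) {
        return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'";
    }

    // The pattern the ticket flags: raw path between hand-written quotes.
    static String unsafeQuery(String path) {
        return String.format("SELECT * FROM Document WHERE ecm:path STARTSWITH '%s'", path);
    }

    // The pattern the ticket asks for: no quotes in the format string.
    static String safeQuery(String path) {
        return String.format("SELECT * FROM Document WHERE ecm:path STARTSWITH %s", quoteLiteral(path));
    }

    // Decodes the quoted literal that follows STARTSWITH. Returns its value,
    // or null if the literal is unterminated or text is left over after it.
    static String literalAfterStartsWith(String nxql) {
        int i = nxql.indexOf("STARTSWITH '");
        if (i < 0) return null;
        StringBuilder out = new StringBuilder();
        for (i += "STARTSWITH '".length(); i < nxql.length(); i++) {
            char c = nxql.charAt(i);
            if (c == '\\' && i + 1 < nxql.length()) {
                out.append(nxql.charAt(++i));          // escaped character
            } else if (c == '\'') {                    // closing quote
                return nxql.substring(i + 1).trim().isEmpty() ? out.toString() : null;
            } else {
                out.append(c);
            }
        }
        return null;                                   // unterminated literal
    }

    public static void main(String[] args) {
        // Constructed sample paths: plain, containing a quote, containing a backslash.
        String[] paths = {
            "/default-domain/workspaces/hr", "/default-domain/workspaces/O'Brien", "/default-domain/a\\b"
        };
        for (String p : paths) {
            boolean unsafeOk = p.equals(literalAfterStartsWith(unsafeQuery(p)));
            boolean safeOk = p.equals(literalAfterStartsWith(safeQuery(p)));
            System.out.printf("%-36s unsafe round-trips: %-5b safe round-trips: %b%n", p, unsafeOk, safeOk);
        }
    }
}
```

Only the escaped form hands the query parser the same path the caller supplied for all three inputs; with hand-written quotes, a quote in the path ends the literal early and a backslash is consumed as an escape.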
      
