HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2011-10-03 b14a49b786036800332966304bb59d351d406300
Pruefung auf ungueltige Where-Parameter
1 files modified
5 ■■■■ changed files
hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java
@@ -203,9 +203,10 @@
     * 
     * @return queryString a query string that can be used to select the
     *         required Objects
     * @throws ServletException
     */
    private String buildQuery(Class<?> eType, Map<String, String> where,
            ArrayList<String> oids) {
            ArrayList<String> oids) throws ServletException {
        String rval = "";
        boolean first = true;
@@ -217,6 +218,8 @@
                rval += (first ? "" : " and ") 
                    + "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
                first = false;
            } else {
                throw new ServletException("illegal input\nunknown field: " + k);
            }
        }
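Review bot: The accepted branch just above the new `else` (the `rval +=` line) still splices the caller's where-value into the query text, so once unknown field names are rejected the only remaining defense for the value is `AbstractEntity.escapeString`, whose handling of quotes and backslashes is not visible in this commit. Binding the value as a named parameter instead (`" = :p" + idx + ")"` and collecting `idx -> value` into a map the caller sets on the query) would remove that dependency, but it changes the String-returning contract of buildQuery, whose callers are outside the hunk. The new ServletException message also embeds the raw client-supplied key `k` after a literal newline; if that message is logged or echoed back to the client, strip control characters first, e.g. `k.replaceAll("[\\r\\n\\t]", " ")`, or leave the key out of the message. The loop head and the `if` condition that binds `kname` start above this hunk, and the method's body appears to continue beyond it.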