Pruefung auf ungueltige Where-Parameter
parent
19845dacad
commit
b14a49b786
@ -203,9 +203,10 @@ public class CLIClientConnectorServlet extends HttpServlet {
|
||||
*
|
||||
* @return queryString a query string that can be used to select the
|
||||
* required Objects
|
||||
* @throws ServletException
|
||||
*/
|
||||
private String buildQuery(Class<?> eType, Map<String, String> where,
|
||||
ArrayList<String> oids) {
|
||||
ArrayList<String> oids) throws ServletException {
|
||||
String rval = "";
|
||||
|
||||
boolean first = true;
|
||||
@ -217,6 +218,8 @@ public class CLIClientConnectorServlet extends HttpServlet {
|
||||
rval += (first ? "" : " and ")
|
||||
+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
|
||||
first = false;
|
||||
} else {
|
||||
throw new ServletException("illegal input\nunknown field: " + k);
|
||||
}
|
||||
}
|
||||
|
||||
|
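Review bot: The where-value on the `rval +=` line of the second hunk is still concatenated into the query text between single quotes, so the query's safety rests entirely on `AbstractEntity.escapeString`, whose implementation is not visible here. With unknown field names now rejected, the value is the remaining untrusted part; it would be safer to emit a named placeholder, for example `"(obj." + kname + " = :p" + idx + ")"` with a per-key index, and bind `where.get(k)` on the query object, which means the caller has to receive the bindings because `buildQuery` returns only a String. The new `throw new ServletException("illegal input\nunknown field: " + k);` also echoes the client-supplied key, which may reach the container's error page or the log unescaped; a fixed message, with the key logged separately after stripping control characters, avoids that. The `if` condition that decides which fields count as known, and the rest of `buildQuery`, lie outside the hunks.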