Pruefung auf ungueltige Where-Parameter

Peter Hormanns 2011-10-03 08:29:30 +00:00
parent 19845dacad
commit b14a49b786


@ -203,9 +203,10 @@ public class CLIClientConnectorServlet extends HttpServlet {
*
* @return queryString a query string that can be used to select the
* required Objects
* @throws ServletException
*/
private String buildQuery(Class<?> eType, Map<String, String> where,
ArrayList<String> oids) {
ArrayList<String> oids) throws ServletException {
String rval = "";
boolean first = true;
@ -217,6 +218,8 @@ public class CLIClientConnectorServlet extends HttpServlet {
rval += (first ? "" : " and ")
+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
first = false;
} else {
throw new ServletException("illegal input\nunknown field: " + k);
}
}
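Review bot: The added `throw new ServletException("illegal input\nunknown field: " + k);` in the second hunk copies the request-supplied key `k`, after a literal newline, into the exception message. Where that message ends up is not visible here, but if the container's error page or a log appender writes it out unencoded, the key's content lands in HTML or in the log stream verbatim; a fixed message such as `throw new ServletException("illegal input: unknown where field");` avoids that, with `k` logged separately once control characters are stripped. The accepted branch just above still assembles the condition by concatenating `AbstractEntity.escapeString(where.get(k))` into the query text, so its safety rests entirely on that helper; binding the value as a query parameter would be the sturdier form if the query API in use supports it. `buildQuery` begins and ends outside the lines shown.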