From b14a49b786036800332966304bb59d351d406300 Mon Sep 17 00:00:00 2001
From: Peter Hormanns <peter.hormanns@hostsharing.net>
Date: Mon, 03 Oct 2011 10:29:30 +0200
Subject: [PATCH] Pruefung auf ungueltige Where-Parameter

---
 hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java b/hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java
index b4316f9..0d7d932 100644
--- a/hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java
+++ b/hsarback/src/de/hsadmin/cliClientConnector/CLIClientConnectorServlet.java
@@ -203,9 +203,10 @@
 	 * 
 	 * @return queryString a query string that can be used to select the
 	 *         required Objects
+	 * @throws ServletException 
 	 */
 	private String buildQuery(Class<?> eType, Map<String, String> where,
-			ArrayList<String> oids) {
+			ArrayList<String> oids) throws ServletException {
 		String rval = "";
 
 		boolean first = true;
@@ -217,6 +218,8 @@
 				rval += (first ? "" : " and ") 
 					+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
 				first = false;
+			} else {
+				throw new ServletException("illegal input\nunknown field: " + k);
 			}
 		}
 

--
Gitblit v1.9.0-SNAPSHOT