Code Review
/
portal.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Fix sql injection vulnerability
[portal.git]
/
ecomp-portal-BE-common
/
src
/
main
/
java
/
org
/
onap
/
portalapp
/
portal
/
service
/
UserRolesCommonServiceImpl.java
diff --git
a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index
5d9761c
..
14f3972
100644
(file)
--- a/
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@
-271,7
+271,10
@@
public class UserRolesCommonServiceImpl {
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from :name where orgUserId=:userId")
+ .setParameter("name",EPUser.class.getName())
+ .setParameter("userId",userId)
+ .list();
if (userList.size() > 0) {
EPUser client = userList.get(0);
roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'";
if (userList.size() > 0) {
EPUser client = userList.get(0);
roleActive = ("DELETE".equals(reqType)) ? "" : " and role.active = 'Y'";