Code Review
/
portal.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge "Fix sql injection vulnerability"
[portal.git]
/
ecomp-portal-widget-ms
/
widget-ms
/
src
/
main
/
java
/
org
/
onap
/
portalapp
/
widget
/
service
/
impl
/
WidgetCatalogServiceImpl.java
diff --git
a/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
b/ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
index
b99863e
..
59180d3
100644
(file)
--- a/
ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
+++ b/
ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/service/impl/WidgetCatalogServiceImpl.java
@@
-244,16
+244,15
@@
public class WidgetCatalogServiceImpl implements WidgetCatalogService {
logger.debug("WidgetCatalogServiceImpl.getWidgetCatalog: result={}", widgets);
return widgets;
}
logger.debug("WidgetCatalogServiceImpl.getWidgetCatalog: result={}", widgets);
return widgets;
}
-
-
-
-
-
+
private void updateAppId(long widgetId, Set<RoleApp> roles){
Session session = sessionFactory.openSession();
for(RoleApp role: roles){
private void updateAppId(long widgetId, Set<RoleApp> roles){
Session session = sessionFactory.openSession();
for(RoleApp role: roles){
- String sql = "UPDATE ep_widget_catalog_role SET app_id =
" + role.getApp().getAppId() + " WHERE widget_id = " + widgetId + " AND ROLE_ID = " + role.getRoleId()
;
+ String sql = "UPDATE ep_widget_catalog_role SET app_id =
:appId WHERE widget_id = :widgetId AND ROLE_ID = :roleId"
;
Query query = session.createSQLQuery(sql);
Query query = session.createSQLQuery(sql);
+ query.setParameter("appId", role.getApp().getAppId());
+ query.setParameter("widgetId", widgetId);
+ query.setParameter("roleId", role.getRoleId());
query.executeUpdate();
}
session.flush();
query.executeUpdate();
}
session.flush();