- More SQL injection prevention

commit 7fbc9185222292f5e6217d6a970f160d5f24e697 1 parent c680840
@alexbiehl alexbiehl authored
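--- a/src/main/java/org/fhw/asta/kasse/client/app/AppActivityMapper.java
+++ b/src/main/java/org/fhw/asta/kasse/client/app/AppActivityMapper.java
@@ -51,7 +51,8 @@ public Activity getActivity(Place place) {
 }
 if (!sessionManager.isLoggedIn()) {
-return loginActivityFactory.create(new LoginPlace(new LoginToken(Optional.<String>absent(), Optional.of(place))));
+return loginActivityFactory.create(new LoginPlace(new LoginToken(Optional.<String>absent(), Optional.<Place>absent())));
+// placeController.goTo(new LoginPlace(new LoginToken(Optional.<String>absent(), Optional.of(place))));
 }
 // INSERT NEW ACTIVITIES AFTER THIS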
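Review bot: The commented-out `placeController.goTo(...)` statement added at line 25 directly after the return is dead code and should be deleted rather than left behind; if the alternative redirect approach is worth remembering, a one-line `// TODO: decide between LoginPlace redirect and placeController.goTo` note is preferable to a disabled statement. The new call at line 24 also swaps `Optional.of(place)` for `Optional.<Place>absent()`, so the requested place is no longer carried in the LoginToken — presumably the post-login return to the originally requested place is lost, which is worth confirming against the login activity before this lands. getActivity starts before the hunk and its body continues past it.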
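--- a/src/main/java/org/fhw/asta/kasse/server/dao/ArticleDao.java
+++ b/src/main/java/org/fhw/asta/kasse/server/dao/ArticleDao.java
@@ -1,16 +1,12 @@
 package org.fhw.asta.kasse.server.dao;
-import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Statement;
 import java.util.List;
 import org.fhw.asta.kasse.shared.common.EuroAmount;
 import org.fhw.asta.kasse.shared.model.Article;
 import org.fhw.asta.kasse.shared.model.Category;
-import org.springframework.dao.DataAccessException;
-import org.springframework.jdbc.core.ConnectionCallback;
 import org.springframework.jdbc.core.RowMapper;
 import com.google.common.base.Optional;
@@ -51,7 +47,7 @@ public Category mapRow(final ResultSet arg0, final int arg1)
 + "name, description, price, tax_category_name,"
 + "tax_revision, enabled FROM article JOIN category_mapping"
 + " ON article.article_id = category_mapping.article_id AND article.article_revision = category_mapping.article_revision"
-+ " WHERE category_id ='"+id+"' AND enabled = true;",
++ " WHERE category_id = ? AND enabled = true;", new Object[] { id },
 new ArticleRowMapper());
 }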
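Review bot: The query text at line 49 still ends with a literal `;` inside the string handed to JdbcTemplate; a statement terminator embedded in a prepared statement is tolerated by some JDBC drivers and rejected by others, so the portable form is `+ " WHERE category_id = ? AND enabled = true", new Object[] { id },`. Binding `id` through `?` is the right replacement for the quoted concatenation that line 48 removes; because the enclosing method's signature lies outside the hunk, the declared type of `id` cannot be confirmed here, and a reader should check that it matches the column type rather than being a String that is only incidentally numeric. Dropping Connection, Statement, ConnectionCallback and DataAccessException at lines 32–41 looks consistent with the raw-statement path being gone, assuming no other method in the file still needs them.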
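--- a/src/main/java/org/fhw/asta/kasse/server/dao/BillOrderDao.java
+++ b/src/main/java/org/fhw/asta/kasse/server/dao/BillOrderDao.java
@@ -8,7 +8,6 @@
 import org.fhw.asta.kasse.shared.basket.BasketItem;
 import org.fhw.asta.kasse.shared.common.EuroAmount;
 import org.fhw.asta.kasse.shared.model.BillOrder;
-import org.fhw.asta.kasse.shared.model.OrderState;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.core.RowMapper;
 import org.springframework.jdbc.core.SqlOutParameter;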
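--- a/src/main/java/org/fhw/asta/kasse/server/dao/UserDao.java
+++ b/src/main/java/org/fhw/asta/kasse/server/dao/UserDao.java
@@ -32,6 +32,7 @@ public Person mapRow(ResultSet arg0, int arg1) throws SQLException {
 public boolean exists(String ldapName) {
 return getPersonById(ldapName).isPresent();
 }
+
 public Optional<Person> getPersonById(final String ldapName) {
 return queryForObject("SELECT p1.* FROM person p1 WHERE p1.ldap_name = ? AND p1.revision ="
 + "(SELECT MAX(p2.revision) FROM person p2 WHERE p2.ldap_name = p1.ldap_name)", new Object[]{ldapName}, new PersonRowMapper());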