Avoid SQL Injection
danynab committed Mar 14, 2015
1 parent e49962f commit c3085e0
Showing 2 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion app/business/impl/ReviewServiceImpl.java
@@ -1,6 +1,7 @@
package business.impl;

import business.ReviewService;
import com.avaje.ebean.Expr;
import models.Review;
import play.db.ebean.Model;

Expand All @@ -22,7 +23,7 @@ public List<Review> getByMovieId(int movieId) {

@Override
public Review getByMovieIdAndUsername(int movieId, String username) {
return find.where("movieId = " + movieId + " and username = '" + username + "'").findUnique();
return find.where().and(Expr.eq("movieId", movieId), Expr.eq("username", username)).findUnique();
}

@Override
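Review bot: The rewritten query in getByMovieIdAndUsername carries no comment explaining why the values are bound rather than concatenated, so a later edit could reintroduce the raw `where(String)` form; a line such as `// Bind values via the expression API; never concatenate them into where(String).` above the return would record the intent. The same predicate also reads more directly as `find.where().eq("movieId", movieId).eq("username", username).findUnique();`, which makes the `Expr` import unnecessary. The rest of the class lies outside the visible hunks (getByMovieId appears only in the hunk header), so whether any other query here still builds its predicate from strings cannot be confirmed from this page and is worth checking in the same change.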
4 changes: 2 additions & 2 deletions app/controllers/WebplayerController.java
@@ -1,6 +1,7 @@
package controllers;

import filters.LoginRequiredAction;
import filters.SubscriptionRequiredAction;
import infrastructure.Factories;
import models.Genre;
import models.Movie;
Expand All @@ -19,8 +20,7 @@
/**
* Created by Dani on 14/3/15.
*/
@With(LoginRequiredAction.class)
//@With({LoginRequiredAction.class, SubscriptionRequiredAction.class})
@With({LoginRequiredAction.class, SubscriptionRequiredAction.class})
public class WebplayerController extends Controller {

public static Result showWebplayer() {
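Review bot: The class-level `@With` on WebplayerController now also applies `SubscriptionRequiredAction` to every action, an access-control change that neither the commit title nor the class Javadoc (still only "Created by Dani on 14/3/15.") mentions. The Javadoc should state the requirement, for example `Every action requires a logged-in user with a subscription; LoginRequiredAction is listed first so it runs before the subscription check.` The subscription action presumably relies on the user established by the login action, so the order of the array is worth confirming and keeping as written. The controller body continues outside the hunk, so whether any action was meant to stay reachable without a subscription cannot be judged from here.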
