fineract-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nazeer1100...@apache.org
Subject fineract git commit: FINERACT-439
Date Tue, 18 Jul 2017 07:22:29 GMT
Repository: fineract
Updated Branches:
  refs/heads/develop 12f80f4ad -> ee21ab8c5


FINERACT-439


Project: http://git-wip-us.apache.org/repos/asf/fineract/repo
Commit: http://git-wip-us.apache.org/repos/asf/fineract/commit/ee21ab8c
Tree: http://git-wip-us.apache.org/repos/asf/fineract/tree/ee21ab8c
Diff: http://git-wip-us.apache.org/repos/asf/fineract/diff/ee21ab8c

Branch: refs/heads/develop
Commit: ee21ab8c5b4f75fd7f7a9e86558675ae605adb24
Parents: 12f80f4
Author: Nazeer Hussain Shaik <nazeer.shaik@confluxtechnologies.com>
Authored: Tue Jul 18 12:42:22 2017 +0530
Committer: Nazeer Hussain Shaik <nazeer.shaik@confluxtechnologies.com>
Committed: Tue Jul 18 12:42:22 2017 +0530

----------------------------------------------------------------------
 .../infrastructure/security/utils/SQLInjectionValidator.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/fineract/blob/ee21ab8c/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java
----------------------------------------------------------------------
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java
b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java
index 03785e0..ef28243 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java
@@ -30,7 +30,7 @@ public class SQLInjectionValidator {
 
 	private final static String[] COMMENTS = { "--", "({", "/*", "#" };
 
-	private final static String SQL_PATTERN = "[a-zA-Z_=,'!><.?\"`% ()0-9]*";
+	private final static String SQL_PATTERN = "[a-zA-Z_=,\\-'!><.?\"`% ()0-9]*";
 
 	public final static void validateSQLInput(final String sqlSearch) {
 		String lowerCaseSQL = sqlSearch.toLowerCase();


Mime
View raw message