manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1019) The Folder picker in the Job Path fails when the Livelink folder has an apostrophe in it
Date Fri, 29 Aug 2014 13:12:53 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115232#comment-14115232
] 

Karl Wright commented on CONNECTORS-1019:
-----------------------------------------

Hi David,

As you know, LAPI does not permit us to form SQL directly.  So this sounds like not only a
bug in LAPI/Livelink, but a potential SQL injection security risk also.  So I highly recommend
that you make OpenText aware of this flaw.

The Livelink connector can work around it, of course, but really that should not be our job.

> The Folder picker in the Job Path fails when the Livelink folder has an apostrophe in
it
> ----------------------------------------------------------------------------------------
>
>                 Key: CONNECTORS-1019
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1019
>             Project: ManifoldCF
>          Issue Type: Bug
>    Affects Versions: ManifoldCF 1.5.1
>            Reporter: David Morana
>            Priority: Minor
>             Fix For: ManifoldCF 1.7, ManifoldCF 2.0
>
>         Attachments: apostrophe-error.jpg
>
>
> In the folder picker for a Job Path; Lapi throws a SQL error while trying to retrieve
a Folder with an apostrophe in it. 
> I simply removed the ' and the folder was added.
> So, special characters need to be escaped in the folder picker when retrieving Livelink
folders.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message