- Type: Bug Report
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 5.1.2-B2
- Fix Version/s: 5.1.3-B1
- Component/s: Database
- Labels: None
- External issue URL:
- Change Log Message: Fixes form value not escaped in kLEFTFormatter class
- External issue ID: 1014
- Patch Instructions:
In-Portal uses formatter classes to transform database values into human-readable form and back.
The kLEFTFormatter class in particular is used along with user selectors to convert the selected username into an ID and back. I've recently discovered that it doesn't escape the value from the form before checking its presence in the database, resulting in an SQL error when the username has ' in it.
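
The failure described in this report, reproduced as an added example that is not In-Portal's own code (which is PHP): a Python/sqlite3 stand-in showing a username-to-ID lookup that pastes the form value into the SQL text, next to the same lookup with a bound parameter. The `Users` table, its columns, the function names and the sample rows are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
SAMPLE_USERS = [(1, "alice"), (2, "O'Brien")]


def make_db():
    """Build an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Username TEXT UNIQUE)"
    )
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unescaped(conn, username):
    """Behaviour the report describes: the form value becomes part of the SQL text."""
    sql = "SELECT UserId FROM Users WHERE Username = '%s'" % username
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(conn, username):
    """Hardened form: the value is passed as a bound parameter, never as SQL text."""
    row = conn.execute(
        "SELECT UserId FROM Users WHERE Username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def check(conn, lookup, username):
    """Return (user_id, error_name) so both variants can be compared side by side."""
    try:
        return lookup(conn, username), None
    except sqlite3.Error as exc:
        return None, type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "O'Brien", "nobody"):
        print(name, check(db, lookup_unescaped, name), check(db, lookup_bound, name))
```

The unescaped variant works for ordinary names, which is why a defect like this can stay unnoticed until a username with an apostrophe is selected.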