]
Nick Stuart updated JBPM-2902:
------------------------------
Attachment: 2902-patch.txt
Suggested patch to add needed parameters and remove simple concatenation.
Parameterize TaskQueryImpl values
---------------------------------
Key: JBPM-2902
URL:
https://jira.jboss.org/browse/JBPM-2902
Project: jBPM
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: jBPM 4.3
Reporter: Nick Stuart
Attachments: 2902-patch.txt
Currently all values except for groups and assignee are simply concatenated onto the
query, this is pretty dangerous and breaks items when it should. For example I have a task
name with a ' in the name, and if I try to query for that task I get an HQL error
because it's not properly terminated.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: