From: <fc...@us...> - 2008-02-20 10:27:20
Revision: 655 http://openutils.svn.sourceforge.net/openutils/?rev=655&view=rev Author: fcarone Date: 2008-02-20 02:27:15 -0800 (Wed, 20 Feb 2008) Log Message: ----------- Escape SQL for filter value. Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 10:22:01 UTC (rev 654)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 10:27:15 UTC (rev 655)
@@ -30,7 +30,9 @@
 import javax.persistence.Entity;
 import javax.persistence.Table;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
+import org.dbunit.dataset.csv.handlers.EscapeHandler;
 import org.hibernate.Filter;
 import org.hibernate.HibernateException;
 import org.hibernate.engine.FilterDefinition;
@@ -172,7 +174,7 @@
  {
  subFilterCond.append(startQuote);
  }
- subFilterCond.append(securityRule.getValue());
+ subFilterCond.append(StringEscapeUtils.escapeSql(securityRule.getValue()));
  if (StringUtils.isNotEmpty(endQuote))
  {
  subFilterCond.append(endQuote);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
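Review bot: The added `import org.dbunit.dataset.csv.handlers.EscapeHandler;` in the import hunk is not used by anything this commit changes, and it makes a production security filter depend on DbUnit, which is a test-data library. If nothing in the rest of JavaBeanFilter refers to `EscapeHandler`, drop the line so the module does not need DbUnit on its runtime classpath. The rest of the file is outside the hunk, so this should be confirmed against the full source.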
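Review bot: `StringEscapeUtils.escapeSql` on the changed line only doubles single quotes, so the concatenated filter condition is still not safe by construction. The visible `if (StringUtils.isNotEmpty(endQuote))` guard suggests the value can be appended with no quotes at all, where quote-doubling protects nothing, and the method does not handle backslash escapes on databases that honour them; Commons Lang removed it in 3.0 as misleading. Prefer binding the rule value as a Hibernate filter parameter, i.e. a named placeholder such as `:ruleValue` (name constructed here) in the condition, supplied through `Filter.setParameter(...)` when the filter is enabled. If the value has to stay inline, validate it against the property's type before appending. The enclosing method starts and ends outside the hunk, so where `securityRule.getValue()` originates cannot be checked from here.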