[Oscarmcmaster-cvscommit] oscar_mcmaster/web/WEB-INF/classes/src/oscar/login LoginCheckLoginBean.j

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/oscarmcmaster/oscar_mcmaster/web/WEB-INF/classes/src/oscar/login
In directory sc8-pr-cvs3.sourceforge.net:/tmp/cvs-serv23688/web/WEB-INF/classes/src/oscar/login

Modified Files:
	LoginCheckLoginBean.java 
Log Message:
fixed some possible security risks


Index: LoginCheckLoginBean.java
===================================================================
RCS file: /cvsroot/oscarmcmaster/oscar_mcmaster/web/WEB-INF/classes/src/oscar/login/LoginCheckLoginBean.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** LoginCheckLoginBean.java	12 Nov 2006 00:21:53 -0000	1.16
--- LoginCheckLoginBean.java	24 Mar 2007 19:01:25 -0000	1.17
***************
*** 20,23 ****
--- 20,24 ----
  import java.util.Properties;
  
+ import org.apache.commons.lang.StringEscapeUtils;
  import org.apache.log4j.Logger;
  
***************
*** 135,139 ****
  
              accessDB = new DBHelp();
!             String sql = "select * from security where user_name = '" + username + "'";
              ResultSet rs = accessDB.searchDBRecord(sql);
              while (rs.next()) {
--- 136,141 ----
  
              accessDB = new DBHelp();
!             
!             String sql = "select * from security where user_name = '" + StringEscapeUtils.escapeSql(username) + "'";
              ResultSet rs = accessDB.searchDBRecord(sql);
              while (rs.next()) {

[Oscarmcmaster-cvscommit] oscar_mcmaster/web/WEB-INF/classes/src/oscar/login LoginCheckLoginBean.j

open source web-based Electronic Medical Record (EMR) system

[Oscarmcmaster-cvscommit] oscar_mcmaster/web/WEB-INF/classes/src/oscar/login LoginCheckLoginBean.java, 1.16, 1.17