[pi-security-hqlinjection] Send a boolean
authorNaroa Iriarte <naroa.iriarte@openbravo.com>
Tue, 19 Jan 2016 10:55:51 +0100
changeset 28932 d239cb280bb9
parent 28931 4373adf6942a
child 28933 1741dde0c320
[pi-security-hqlinjection] Send a boolean

Only send a boolean parameter that is true when a filter is applied in
the grid. And do not show the query in the view of the window.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
--- a/modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl	Mon Jan 18 18:03:20 2016 +0100
+++ b/modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl	Tue Jan 19 10:55:51 2016 +0100
@@ -23,23 +23,17 @@
     view: this,
     uiPattern: '${data.uiPattern}', 
      
-    <#if data.whereClause != "">
-        whereClause: '${data.whereClause?js_string}',
-    </#if>
     <#if data.orderByClause != "">
         orderByClause: '${data.orderByClause?js_string}',
     </#if>
     <#if data.sortField != "">
         sortField: '${data.sortField?js_string}',
     </#if>
-    <#if data.filterClause != "">
-        filterClause: '${data.filterClause?js_string}',
-    </#if>
     <#if data.hasFilterClause == true>
-        existsFilterClause: true,
+        filterClause: true,
     </#if>
     <#if data.hasFilterClause == false>
-        existsFilterClause: false,
+        filterClause: false,
     </#if>
     <#if data.filterName != "">
         filterName: '${data.filterName?js_string}',
--- a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js	Mon Jan 18 18:03:20 2016 +0100
+++ b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js	Tue Jan 19 10:55:51 2016 +0100
@@ -2296,7 +2296,6 @@
     // add all the new session properties context info to the requestProperties
     isc.addProperties(params, this.view.getContextInfo(true, false));
 
-    params[isc.OBViewGrid.EXISTS_FILTER_CLAUSE] = this.tabHasFilterClause();
     params[isc.OBViewGrid.IS_FILTER_CLAUSE_APPLIED] = this.tabHasFilterClauseApplied();
 
     if (this.isSorting) {
@@ -2329,14 +2328,6 @@
     return params;
   },
 
-  tabHasFilterClause: function () {
-    if (this.filterClause || this.whereClause) {
-      return true;
-    } else {
-      return false;
-    }
-  },
-
   tabHasFilterClauseApplied: function () {
     if (this.filterClause) {
       return true;