[WT-5532] Getting server error :save admin user with Single quote In USER id - Workterra Jira

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: Platform
Labels:
None

Module:
BenAdmin
Reported by:
Harbinger
Item State:
Production Complete - Closed
Issue Importance:
Good To Have

Description

Getting Server error: Admin User page
1]add User ID:Single quote:
2]Click on save button
3]Getting Server error
Refer attached screen shots:
below is error Log:

ErrorID : 0
ErrorSource : ControllerAppTier.GetData->WORKTERRAControllerAppTier.GetData->AdminUser.GetData->AdminUser.GetAdminUserForGivenName->CommonBusinessRoutines.GetSingleValue
ErrorMessage: Incorrect syntax near 'Donald'.
Unclosed quotation mark after the character string ' AND Users.SystemUserID = SystemUsers.ID '.
StackTrace: at WORKTERRA.Shared.WORKTERRAControllerAppTier.GetData(WORKTERRAControllerWebTierEntity objWORKTERRAControllerWebTierEntity)
at WORKTERRA.ControllerAppTier.GetData(Int32 intProjectsId, String strInput)
TargetSite: System.String GetData(WORKTERRA.Shared.WORKTERRAControllerWebTierEntity)

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Admin_User.png
236 kB
18/Oct/16 09:53 AM
Alecto_Critical_ill.png
251 kB
04/Nov/16 06:27 AM

Activity

Ascending order - Click to sort in descending order

Rashmita Dudhe (Inactive) created issue - 18/Oct/16 09:53 AM

Rashmita Dudhe (Inactive) made changes - 18/Oct/16 09:54 AM

Field	Original Value	New Value
Assignee	Vijay Siddha [ vijays ]	Vijayendra Shinde [ ID10506 ]

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 18/Oct/16 06:20 PM

Hi Rashmita Dudhe,

When we enter single quote in username, while checking if that user already exists in system or not, it was throwing an error during query execution.

We have fixed this issue. Code has been checked in into LB.

Prasad Pise,
Can we try sql injection on this username input of Partner/Broker page and Admin page?

Thanks.
CC: Samir, Vijay Siddha, Rakesh Roy, Satya

Show

Vijayendra Shinde (Inactive) added a comment - 18/Oct/16 06:20 PM Hi Rashmita Dudhe , When we enter single quote in username, while checking if that user already exists in system or not, it was throwing an error during query execution. We have fixed this issue. Code has been checked in into LB. Prasad Pise , Can we try sql injection on this username input of Partner/Broker page and Admin page? Thanks. CC: Samir , Vijay Siddha , Rakesh Roy , Satya

Vijayendra Shinde (Inactive) made changes - 18/Oct/16 06:20 PM

Status

Open [ 1 ]

In Development [ 10007 ]

Vijayendra Shinde (Inactive) made changes - 18/Oct/16 06:22 PM

Code Reviewed By		Saurabh Sablaka [ 11909 ]
Component/s		Platform [ 10006 ]
Dev Due Date		19/Oct/2016
Developer		Vijayendra Shinde [ ID10506 ]
Issue Importance		Good To Have [ 11802 ]
Item State		Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)

Vijayendra Shinde (Inactive) made changes - 18/Oct/16 06:23 PM

Assignee

Vijayendra Shinde [ ID10506 ]

Rashmita Dudhe [ rashmita.dudhe ]

Khandu Kshirsagar (Inactive) made changes - 19/Oct/16 06:00 AM

Item State

Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209)

Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)

Hide

Permalink

Rashmita Dudhe (Inactive) added a comment - 19/Oct/16 06:50 AM

Verified on Lb Environment.
For admin user with Single quote In USER id is successfully saved.
also check by login to the system.
working fine

Show

Rashmita Dudhe (Inactive) added a comment - 19/Oct/16 06:50 AM Verified on Lb Environment. For admin user with Single quote In USER id is successfully saved. also check by login to the system. working fine

Rashmita Dudhe (Inactive) made changes - 19/Oct/16 06:51 AM

Item State

Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)

Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)

Rashmita Dudhe (Inactive) made changes - 19/Oct/16 06:51 AM

Status

In Development [ 10007 ]

Local Testing [ 10200 ]

Khandu Kshirsagar (Inactive) made changes - 24/Oct/16 06:47 AM

Item State

Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213)

Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)

Hide

Permalink

Rashmita Dudhe (Inactive) added a comment - 24/Oct/16 11:38 AM

Verified on Stage Environment.
For admin user with Single quote In USER id is successfully saved.
also check by login to the system.
working fine

Show

Rashmita Dudhe (Inactive) added a comment - 24/Oct/16 11:38 AM Verified on Stage Environment. For admin user with Single quote In USER id is successfully saved. also check by login to the system. working fine

Rashmita Dudhe (Inactive) made changes - 24/Oct/16 11:39 AM

Item State

Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Rashmita Dudhe (Inactive) made changes - 26/Oct/16 06:46 AM

Status

Local Testing [ 10200 ]

Stage Testing [ 10201 ]

Ashwin Wankhede (Inactive) made changes - 03/Nov/16 10:01 AM

Item State

Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217)

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Rakesh Roy (Inactive) made changes - 03/Nov/16 12:28 PM

Issue Category

EBS [ 10350 ]

Harbinger [ 10700 ]

Rashmita Dudhe (Inactive) made changes - 04/Nov/16 06:27 AM

Attachment

Alecto_Critical_ill.png [ 31304 ]

Hide

Permalink

Vijayendra Shinde (Inactive) added a comment - 04/Nov/16 05:04 PM

Hi Rashmita Dudhe,

I guess you attached some different JIRA ticket image in this ticket.

Please confirm.

CC: Samir, Vijay Siddha, Rakesh Roy

Show

Vijayendra Shinde (Inactive) added a comment - 04/Nov/16 05:04 PM Hi Rashmita Dudhe , I guess you attached some different JIRA ticket image in this ticket. Please confirm. CC: Samir , Vijay Siddha , Rakesh Roy

Rakesh Roy (Inactive) made changes - 04/Nov/16 05:08 PM

Status

Stage Testing [ 10201 ]

Production Testing [ 10202 ]

Rakesh Roy (Inactive) made changes - 07/Nov/16 06:00 PM

Resolution		Fixed [ 1 ]
Status	Production Testing [ 10202 ]	Production Complete [ 10028 ]

Rakesh Roy (Inactive) made changes - 07/Nov/16 06:00 PM

Item State

Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)

Parent values: Production Complete(10222)Level 1 values: Closed(10223)

Rashmita Dudhe (Inactive) made changes - 24/Mar/17 06:08 AM

Status

Production Complete [ 10028 ]

Closed [ 6 ]

Transition	Time In Source Status	Execution Times

Vijayendra Shinde (Inactive) made transition - 18/Oct/16 06:20 PM

Open

In Development

8h 26m

Rashmita Dudhe (Inactive) made transition - 19/Oct/16 06:51 AM

In Development

In LB Testing

12h 30m

Rashmita Dudhe (Inactive) made transition - 26/Oct/16 06:46 AM

In LB Testing

Stage Testing

6d 23h 55m

Rakesh Roy (Inactive) made transition - 04/Nov/16 05:08 PM

Stage Testing

In Production Testing

9d 10h 22m

Rakesh Roy (Inactive) made transition - 07/Nov/16 06:00 PM

In Production Testing

Production Complete

3d 1h 51m

Rashmita Dudhe (Inactive) made transition - 24/Mar/17 06:08 AM

Production Complete

Closed

136d 11h 8m

People

Assignee:: Rashmita Dudhe (Inactive)

Reporter:: Rashmita Dudhe (Inactive)

Developer:: Vijayendra Shinde (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Oct/16 09:53 AM

Updated:: 24/Mar/17 06:08 AM

Resolved:: 07/Nov/16 06:00 PM

Dev Due Date:: 19/Oct/2016