safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1193: Do not use <bind> within <foreach>, as it only substitutes the last bound value for *ALL* usages of the created variable. Do not use LIKE, as we would then have to escape the search term in Java.

Browse Source
This commit is contained in:
Michael Jumper
2015-10-08 17:54:43 -07:00
parent 3cdcb1004f
commit 3c271da9b4
2 changed files with 8 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -88,19 +88,18 @@
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
<bind name="termPattern" value="'%' + term.term + '%'" />
(
guacamole_connection_history.user_id IN (
SELECT user_id
FROM guacamole_user
WHERE username LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR guacamole_connection_history.connection_id IN (
SELECT connection_id
FROM guacamole_connection
WHERE connection_name LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
@@ -164,19 +163,18 @@
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
<bind name="termPattern" value="'%' + term.term + '%'" />
(
guacamole_connection_history.user_id IN (
SELECT user_id
FROM guacamole_user
WHERE username LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR guacamole_connection_history.connection_id IN (
SELECT connection_id
FROM guacamole_connection
WHERE connection_name LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -88,19 +88,18 @@
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
<bind name="termPattern" value="'%' + term.term + '%'" />
(
guacamole_connection_history.user_id IN (
SELECT user_id
FROM guacamole_user
WHERE username LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR guacamole_connection_history.connection_id IN (
SELECT connection_id
FROM guacamole_connection
WHERE connection_name LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
@@ -164,19 +163,18 @@
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
<bind name="termPattern" value="'%' + term.term + '%'" />
(
guacamole_connection_history.user_id IN (
SELECT user_id
FROM guacamole_user
WHERE username LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR guacamole_connection_history.connection_id IN (
SELECT connection_id
FROM guacamole_connection
WHERE connection_name LIKE #{termPattern,jdbcType=VARCHAR}
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">