svn commit: r443451 - /incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java


jleroux@apache.org
Author: jleroux
Date: Thu Sep 14 12:53:41 2006
New Revision: 443451

URL: http://svn.apache.org/viewvc?view=rev&rev=443451
Log:
getPartyFromEmail does dangerous matching (http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all)

Ean Schuessler :
getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for an email.
This means that you can get back [hidden email] when you search for [hidden email].
I can't really see the point of the current implementation and it can have dangerous
and surprising side effects if you are going to mail personal information.
I'd suggest doing a direct but case-insensitive match. The case insensitivity is a good feature.

I have suppressed the 2 SQL jokers


Modified:
    incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java

Modified: incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?view=diff&rev=443451&r1=443450&r2=443451
==============================================================================
--- incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java (original)
+++ incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java Thu Sep 14 12:53:41 2006
@@ -663,7 +663,7 @@
         try {
             List exprs = new LinkedList();
 
-            exprs.add(new EntityExpr(new EntityFunction.UPPER(new EntityFieldValue("infoString")), EntityOperator.LIKE, new EntityFunction.UPPER("%" + email.toUpperCase() + "%")));
+            exprs.add(new EntityExpr(new EntityFunction.UPPER(new EntityFieldValue("infoString")), EntityOperator.LIKE, new EntityFunction.UPPER(email.toUpperCase())));
             List c = EntityUtil.filterByDate(delegator.findByAnd("PartyAndContactMech", exprs, UtilMisc.toList("infoString")), true);
 
             if (Debug.verboseOn()) Debug.logVerbose("List: " + c, module);
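
Review bot: the added exprs.add line still uses EntityOperator.LIKE, so with the "%" wrappers removed the value of email is still interpreted as a pattern. A "%" or "_" in the caller's input keeps acting as a wildcard, and "_" is a legal character in ordinary addresses, so a lookup can still return a different party's infoString. If the goal is the direct, case-insensitive match the log asks for, compare with EntityOperator.EQUALS against the UPPER(infoString) expression, or escape the wildcard characters in email before the LIKE.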


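The matching behaviours discussed in this commit, run against real SQL LIKE semantics, as an added example that is not code from the commit or from OFBiz. It uses an in-memory SQLite table with constructed addresses; the table, column and function names are assumptions for illustration.

```python
import sqlite3

# Constructed sample rows; table/column names are illustrative, not the OFBiz schema.
ROWS = [
    ("P1", "bob@example.com"),
    ("P2", "jimbob@example.com"),         # superstring of P1's address
    ("P3", "Bob@Example.com"),            # same address, different case
    ("P4", "a_b@example.com"),            # '_' is legal in an address
    ("P5", "axb@example.com"),
]

def _query(where, param):
    """Run one parameterised lookup and return the matching party ids."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE contact (party_id TEXT, info_string TEXT)")
        con.executemany("INSERT INTO contact VALUES (?, ?)", ROWS)
        sql = "SELECT party_id FROM contact WHERE " + where + " ORDER BY party_id"
        return [row[0] for row in con.execute(sql, (param,))]
    finally:
        con.close()

def substring_like(email):
    """Before r443451: UPPER(col) LIKE '%EMAIL%'."""
    return _query("UPPER(info_string) LIKE ?", "%" + email.upper() + "%")

def bare_like(email):
    """After r443451: LIKE without added wildcards; '%' and '_' in the input still match."""
    return _query("UPPER(info_string) LIKE ?", email.upper())

def escaped_like(email):
    """LIKE with '%', '_' and the escape character itself neutralised."""
    pattern = email.upper()
    for ch in ("\\", "%", "_"):
        pattern = pattern.replace(ch, "\\" + ch)
    return _query("UPPER(info_string) LIKE ? ESCAPE '\\'", pattern)

def exact_ci(email):
    """Case-insensitive equality: the input is never treated as a pattern."""
    return _query("UPPER(info_string) = UPPER(?)", email)

if __name__ == "__main__":
    for fn in (substring_like, bare_like, escaped_like, exact_ci):
        for probe in ("bob@example.com", "a_b@example.com", "%"):
            print(f"{fn.__name__:15} {probe!r:20} -> {fn(probe)}")
```

Only the equality and escaped forms return a single party for an address containing an underscore, which matters when the result decides who receives mailed personal information.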

Re: svn commit: r443451 - /incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java

David E Jones-2

Hmmm... Maybe we should back this one out...

The problem is: with this in there, how can you search for a partial  
email address or find all emails for a certain domain?

Also, is it so bad that you get additional results in a search?

-David


On Sep 14, 2006, at 1:53 PM, [hidden email] wrote:

> Author: jleroux
> Date: Thu Sep 14 12:53:41 2006
> New Revision: 443451
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=443451
> Log:
> getPartyFromEmail does dangerous matching (http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all)
>
> Ean Schuessler :
> getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for  
> an email.
> This means that you can get back [hidden email] when you search for  
> [hidden email].
> I can't really see the point of the current implementation and it  
> can have dangerous
> and surprising side effects if you are going to mail personal  
> information.
> I'd suggest doing a direct but case-insensitive match. The case  
> insensitivity is a good feature.
>
> I have suppressed the 2 SQL jokers
>
>
> Modified:
>     incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
>
> Modified: incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
> URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?view=diff&rev=443451&r1=443450&r2=443451
> ======================================================================
> ========
> --- incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/
> party/PartyServices.java (original)
> +++ incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/
> party/PartyServices.java Thu Sep 14 12:53:41 2006
> @@ -663,7 +663,7 @@
>          try {
>              List exprs = new LinkedList();
>
> -            exprs.add(new EntityExpr(new EntityFunction.UPPER(new  
> EntityFieldValue("infoString")), EntityOperator.LIKE, new  
> EntityFunction.UPPER("%" + email.toUpperCase() + "%")));
> +            exprs.add(new EntityExpr(new EntityFunction.UPPER(new  
> EntityFieldValue("infoString")), EntityOperator.LIKE, new  
> EntityFunction.UPPER(email.toUpperCase())));
>              List c = EntityUtil.filterByDate(delegator.findByAnd
> ("PartyAndContactMech", exprs, UtilMisc.toList("infoString")), true);
>
>              if (Debug.verboseOn()) Debug.logVerbose("List: " + c,  
> module);
>
>
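
Review bot: on the added line, email.toUpperCase() is upper-cased in Java and then wrapped in EntityFunction.UPPER again, so one of the two is redundant and can be dropped. The changed line also carries no comment saying the lookup is now a whole-value match rather than a substring match; a short comment above exprs.add stating that, and that partial or per-domain searches are not served by this expression, would make the changed behaviour clear to callers.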