Author: jleroux
Date: Thu Sep 14 12:53:41 2006
New Revision: 443451

URL: http://svn.apache.org/viewvc?view=rev&rev=443451
Log:
getPartyFromEmail does dangerous matching (http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all)

Ean Schuessler :
getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for an email.
This means that you can get back [hidden email] when you search for [hidden email].
I can't really see the point of the current implementation and it can have dangerous
and surprising side effects if you are going to mail personal information.
I'd suggest doing a direct but case-insensitive match. The case insensitivity is a good feature.

I have suppressed the 2 SQL jokers

Modified:
    incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java

Modified: incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?view=diff&rev=443451&r1=443450&r2=443451
============================================================================== --- incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java (original) +++ incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java Thu Sep 14 12:53:41 2006 @@ -663,7 +663,7 @@ try { List exprs = new LinkedList(); - exprs.add(new EntityExpr(new EntityFunction.UPPER(new EntityFieldValue("infoString")), EntityOperator.LIKE, new EntityFunction.UPPER("%" + email.toUpperCase() + "%"))); + exprs.add(new EntityExpr(new EntityFunction.UPPER(new EntityFieldValue("infoString")), EntityOperator.LIKE, new EntityFunction.UPPER(email.toUpperCase()))); List c = EntityUtil.filterByDate(delegator.findByAnd("PartyAndContactMech", exprs, UtilMisc.toList("infoString")), true); if (Debug.verboseOn()) Debug.logVerbose("List: " + c, module); |
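Review bot: the replacement `exprs.add(...)` line still compares with `EntityOperator.LIKE`, so dropping the literal `"%"` prefix and suffix does not make this a direct match. Any `%` or `_` inside the caller-supplied `email` is still interpreted as a pattern character, and `_` is a legal character in an address, so a lookup can still return a different party's address. For the direct, case-insensitive match the log message asks for, compare `UPPER(infoString)` with `EntityOperator.EQUALS`, or escape the pattern characters in `email` before handing it to `LIKE`. Separately, `email.toUpperCase()` wrapped in `EntityFunction.UPPER` upper-cases the value twice; one of the two is enough.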
Hmmm... Maybe we should back this one out...

The problem is: with this in there, how can you search for a partial email address or find all emails for a certain domain? Also, is it so bad that you get additional results in a search?

-David

On Sep 14, 2006, at 1:53 PM, [hidden email] wrote:

> Author: jleroux
> Date: Thu Sep 14 12:53:41 2006
> New Revision: 443451
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=443451
> Log:
> getPartyFromEmail does dangerous matching (http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all)
>
> Ean Schuessler :
> getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for an email.
> This means that you can get back [hidden email] when you search for [hidden email].
> I can't really see the point of the current implementation and it can have dangerous
> and surprising side effects if you are going to mail personal information.
> I'd suggest doing a direct but case-insensitive match. The case insensitivity is a good feature.
>
> I have suppressed the 2 SQL jokers
>
>
> Modified:
>     incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
>
> Modified: incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
> URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?view=diff&rev=443451&r1=443450&r2=443451
> ====================================================================== > ======== > --- incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/ > party/PartyServices.java (original) > +++ incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/ > party/PartyServices.java Thu Sep 14 12:53:41 2006
> @@ -663,7 +663,7 @@ > try { > List exprs = new LinkedList(); > > - exprs.add(new EntityExpr(new EntityFunction.UPPER(new > EntityFieldValue("infoString")), EntityOperator.LIKE, new > EntityFunction.UPPER("%" + email.toUpperCase() + "%"))); > + exprs.add(new EntityExpr(new EntityFunction.UPPER(new > EntityFieldValue("infoString")), EntityOperator.LIKE, new > EntityFunction.UPPER(email.toUpperCase()))); > List c = EntityUtil.filterByDate(delegator.findByAnd > ("PartyAndContactMech", exprs, UtilMisc.toList("infoString")), true); > > if (Debug.verboseOn()) Debug.logVerbose("List: " + c, > module); > > |
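The matching behaviours debated in this thread, side by side, as an added example that is not part of the original messages or of OFBiz. It uses Python's `sqlite3` with a constructed `contact` table standing in for `PartyAndContactMech`; all function names and sample addresses are hypothetical.

```python
import sqlite3

# Constructed rows standing in for PartyAndContactMech (party id, infoString).
ROWS = [("P1", "bob@example.com"), ("P2", "jbob@example.com"),
        ("P3", "a_b@example.com"), ("P4", "axb@example.com"),
        ("P5", "carol@example.org")]

con = sqlite3.connect(":memory:")
con.execute("CREATE TABLE contact (party_id TEXT, info_string TEXT)")
con.executemany("INSERT INTO contact VALUES (?, ?)", ROWS)

def _ids(where, param):
    # `where` is always one of the constant clauses below; user input only
    # ever travels through the bound parameter.
    sql = "SELECT party_id FROM contact WHERE " + where + " ORDER BY party_id"
    return [row[0] for row in con.execute(sql, (param,))]

def substring_like(email):
    # Before r443451: UPPER(infoString) LIKE '%EMAIL%'
    return _ids("UPPER(info_string) LIKE ?", "%" + email.upper() + "%")

def bare_like(email):
    # After r443451: no added wildcards, but % and _ in the input still match
    return _ids("UPPER(info_string) LIKE ?", email.upper())

def exact_ci(email):
    # Direct case-insensitive equality: no pattern characters are interpreted
    return _ids("UPPER(info_string) = ?", email.upper())

def escape_like(text):
    # Neutralise LIKE metacharacters so the input is matched literally
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def by_domain(domain):
    # A deliberate partial search, kept as its own explicit query
    pattern = "%@" + escape_like(domain.upper())
    return _ids("UPPER(info_string) LIKE ? ESCAPE '\\'", pattern)

if __name__ == "__main__":
    print("substring:", substring_like("bob@example.com"))
    print("bare LIKE:", bare_like("a_b@example.com"))
    print("exact    :", exact_ci("a_b@example.com"))
    print("domain   :", by_domain("example.com"))
```

Keeping the identity lookup on equality and offering the domain search as a separate function covers both needs raised in the thread without one silently behaving like the other.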