Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-14077 : CVE-2019-14900 SQL injection issue using JPA Criteria API

This commit is contained in:
Gail Badner 2020-06-18 12:13:22 -07:00
parent c1771040c7
commit 3f3c1ab506
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hibernate-core/src/main/java/org/hibernate/query/criteria/internal/expression/LiteralExpression.java
View File

@ -110,6 +110,11 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
} }
private String renderProjection(RenderingContext renderingContext) { private String renderProjection(RenderingContext renderingContext) {
if ( ValueHandlerFactory.isCharacter( literal ) ) {
// In case literal is a Character, pass literal.toString() as the argument.
return renderingContext.getDialect().inlineLiteral( literal.toString() );
}
// some drivers/servers do not like parameters in the select clause // some drivers/servers do not like parameters in the select clause
final ValueHandlerFactory.ValueHandler handler = final ValueHandlerFactory.ValueHandler handler =
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() ); ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
@ -117,10 +122,6 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
if ( handler == null ) { if ( handler == null ) {
return normalRender( renderingContext, LiteralHandlingMode.BIND ); return normalRender( renderingContext, LiteralHandlingMode.BIND );
} }
if ( ValueHandlerFactory.isCharacter( literal ) ) {
return renderingContext.getDialect().inlineLiteral( handler.render( literal ) );
}
else { else {
return handler.render( literal ); return handler.render( literal );
} }