openMF / community-app

This was the former default web application built on top of the Apache Fineract platform. It's now deprecated and replaced by the Mifos X Web App (https://github.com/openMF/web-app), maintained by the Mifos Initiative as a reference solution for financial inclusion. It is a Single-Page App (SPA) written in web standard technologies.
http://openmf.github.io/community-app/
Mozilla Public License 2.0

Reports connected with Loan Arrears are not working in Mifos X 18.03 Release #3118

Open basstone40 opened 5 years ago

basstone40 commented 5 years ago

Hi all, we have errors in our Mifos X 18.03 release. The Loan Arrears, Aging summary reports and all of the same kind are not working in this release of Mifos X 18.03, but in the Mifos X 17 release all the same are working without a problem. I am reporting this issue so that it is known to all Mifos X developers and they can make changes to solve it. I have attached here some print screen photos of those reports. Thank you for your support!

Jubha.

[Attached screenshots: Agging_arrears, Aging summmary, aging arrears, arrearsweeks, loanArrears]

santoshconflux commented 5 years ago

@edcable, this issue is related to SQL injections. It is throwing the following error:

{"developerMessage":"The request was invalid. This typically will happen due to validation errors which are provided.","httpStatusCode":"400","defaultUserMessage":"Unexpected SQL Commands found","userMessageGlobalisationCode":"error.msg.found.sql.injection"}

santoshconflux commented 5 years ago

Though, Fineract doesn't support Pentaho due to licensing, this regression is caused by some code changes in Fineract. Need this to be resolved before Fineract 1.3.1 and Mifos release.

SMtetwa commented 5 years ago

> Though, Fineract doesn't support Pentaho due to licensing, this regression is caused by some code changes in Fineract. Need this to be resolved before Fineract 1.3.1 and Mifos release.

I concur. This issue needs to be resolved ASAP

vorburger commented 4 years ago

> It is throwing the following error:
>
> {"developerMessage":"The request was invalid. This typically will happen due to validation errors which are provided.","httpStatusCode":"400","defaultUserMessage":"Unexpected SQL Commands found","userMessageGlobalisationCode":"error.msg.found.sql.injection"}

I'm assuming this ^^^ error appears on the community-app UI / browser console (client side) - is there also a matching error log shown in the fineract-provider (backend server side)? That could help to understand this problem better... because personally I don't understand what this means, yet. If others do, please elaborate... how could a Pentaho report possibly cause an SQL injection?

santoshconflux commented 4 years ago

@vishwasbabu, referring to the above comment by @vorburger, I think the SQL injection issue is on the Fineract side, right?

awasum commented 4 years ago

Fineract itself does not really contain the implementation for the Pentaho service handler and also does not contain the dependency jars for Pentaho.

I understand the Mifos Initiative usually has a complementary backend on top of a Fineract release (which adds the Pentaho dependencies and reporting command and service handlers) before Mifos X can be released. This is how even for-profit companies work with Fineract when they need to provide Pentaho reporting services to their clients. See here for the enhanced Fineract: https://github.com/openMF/incubator-fineract/tree/MIFOSX-18.03.01.RELEASE

Notice how different the fineract-provider folder is. This now contains the Pentaho reports.

Specifically see commit: https://github.com/openMF/incubator-fineract/commit/df8ef2e8b6c50846e58b3fc01cffe6d27a987cc1

Now, is there any Pentaho-enabled fork of Fineract which will be bundled with a Mifos X 19.12.X release? One similar to the incubator Fineract above. Maybe that is where one can start looking at the issue.

karantakalkar commented 4 years ago

@awasum I guess this issue still persists in the latest Fineract release (dev.mifos.io). I had just rewritten the run reports controller https://github.com/openMF/web-app/pull/592, and the API response is the same as above.