MatchMode doesn't escape wildcard characters

Description

One can think that by specifying e.g. MatchMode.START in a "like" restriction, Hibernate takes care of escaping SQL LIKE wildcard characters in the supplied pattern. It doesn't; actually, Hibernate only inserts a % before the first character.

I am not sure what the intent of the original author (Gavin King) was, so the issue may only be missing documentation. However, I don't see any other useful purpose of this class than providing database-independent escaping. It seems that all databases use the % wildcard, so there is no need to provide database independence for that.

It can be argued that this might create a security problem for an unaware developer, so I set issue type to bug.

Attachments

1
  • 25 May 2009, 03:56 PM
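The behaviour reported above, as an added example that is not code from Hibernate or from this issue: a match mode that only adds `%` leaves `%` and `_` in caller-supplied input active as wildcards unless the caller escapes them first. The class name, the `!` escape character, the `startPattern` stand-in (modelled here as value plus a trailing `%`) and the small in-memory LIKE model are all assumptions made so the example runs without a database.

```java
import java.util.regex.Pattern;

public class LikeEscapeDemo {
    static final char ESC = '!'; // escape character chosen for this example

    // Escape the escape character itself and the LIKE wildcards % and _.
    static String escapeLike(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') sb.append(ESC);
            sb.append(c);
        }
        return sb.toString();
    }

    // Hypothetical stand-in for a "starts with" match mode: adds % and escapes nothing.
    static String startPattern(String value) {
        return value + "%";
    }

    // Minimal model of SQL "text LIKE pattern ESCAPE '!'" (assumption: no database needed).
    static boolean like(String text, String pattern) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < pattern.length(); i++) {
            char c = pattern.charAt(i);
            if (c == ESC && i + 1 < pattern.length()) {
                re.append(Pattern.quote(String.valueOf(pattern.charAt(++i)))); // literal
            } else if (c == '%') {
                re.append(".*");   // any run of characters
            } else if (c == '_') {
                re.append('.');    // exactly one character
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString(), Pattern.DOTALL).matcher(text).matches();
    }

    public static void main(String[] args) {
        String[] rows = {"100%_sure", "alice", "a_b", "axb"};     // constructed sample rows
        for (String input : new String[] {"%", "a_b", "100%"}) {  // constructed user input
            for (String row : rows) {
                System.out.printf("input=%-5s row=%-10s raw=%-5b escaped=%b%n", input, row,
                        like(row, startPattern(input)),
                        like(row, startPattern(escapeLike(input))));
            }
        }
    }
}
```

Against a real database the escaped value only has the intended meaning when the query declares the same escape character, as in standard SQL `LIKE ? ESCAPE '!'`.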

Activity

Brett Meyer, July 8, 2014 at 3:12 PM

Bulk rejecting stale issues. If this is still a legitimate issue on ORM 4, feel free to comment and attach a test case. I'll address responses case-by-case. Thanks!

Brett Meyer, April 7, 2014 at 5:40 PM

In an effort to clean up, in bulk, tickets that are most likely out of date, we're transitioning all ORM 3 tickets to an "Awaiting Test Case" state. Please see http://in.relation.to/Bloggers/HibernateORMJIRAPoliciesAndCleanUpTactics for more information.

If this is still a legitimate bug in ORM 4, please provide either a test case that reproduces it or enough detail (entities, mappings, snippets, etc.) to show that it still fails on 4. If nothing is received within 3 months or so, we'll be automatically closing them.

Thank you!

SamM, May 25, 2009 at 3:56 PM

Existing mapping file "criteria/Enrolment.hbm.xml" is used for this test.

Former user, August 16, 2008 at 1:24 AM

Please attach a runnable (Java + mapping) test case that reproduces this issue.

Rejected

Details

Created August 6, 2008 at 7:24 PM
Updated July 8, 2014 at 3:12 PM
Resolved July 8, 2014 at 3:12 PM
