Key: SES-343
Type: Improvement
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Unassigned
Reporter: James Leigh
Votes: 0
Watchers: 0
Sesame

REGEX operations should allow binding pattern

Created: 25/Feb/07 03:45 PM   Updated: 20/Mar/08 08:29 PM
Component/s: Query Model
Affects Version/s: 2.0-beta1, 2.0-beta2, 2.0-beta3, 2.0-beta4, 2.0-beta5, 2.0-beta6
Fix Version/s: 2.0-rc1

Issue Links:
Dependency
 
This issue is a dependency for:
SES-421 update SPARQL support to the CR of 14... Major Closed


 Description   
Currently the regex() and LIKE operations of SPARQL and SeRQL require their pattern to be embedded in the query string. This can open the door for query-injection, a common problem in SQL applications on the web. Instead these should accept a pattern variable and allow its value to be bound through the Query interface before execution. This change should be done so as not to cause a performance penalty for pattern compilation.

Comment by James Leigh [01/Nov/07 09:46 PM]
LIKE will stay as it is for now, but SPARQL allows this pattern to come from an arbitrary value expression and should be changed.

Comment by James Leigh [01/Nov/07 10:03 PM]
Revision: 3438
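
The binding approach this issue asks for, as an added example that is not part of the issue or of the Sesame code base. It assumes the Sesame 2.x API (`org.openrdf`) with an in-memory store; the class name, the `http://example.org/` URIs and the sample data are constructed for illustration.

```java
import org.openrdf.model.URI;
import org.openrdf.model.ValueFactory;
import org.openrdf.query.BindingSet;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResult;
import org.openrdf.repository.Repository;
import org.openrdf.repository.RepositoryConnection;
import org.openrdf.repository.sail.SailRepository;
import org.openrdf.sail.memory.MemoryStore;

public class BoundRegexExample {  // hypothetical class name
    // Fixed query text: the pattern is the variable ?pattern, never concatenated input.
    static final String QUERY =
        "SELECT ?s ?name WHERE { ?s <http://example.org/name> ?name . "
        + "FILTER regex(?name, ?pattern) }";

    public static void main(String[] args) throws Exception {
        Repository repo = new SailRepository(new MemoryStore());
        repo.initialize();
        RepositoryConnection con = repo.getConnection();
        try {
            ValueFactory vf = repo.getValueFactory();
            URI name = vf.createURI("http://example.org/name");
            // Constructed sample data.
            con.add(vf.createURI("http://example.org/alice"), name, vf.createLiteral("Alice"));
            con.add(vf.createURI("http://example.org/bob"), name,
                    vf.createLiteral("Bob \"the\" Builder"));

            // Untrusted input containing double quotes. Concatenated into the query
            // text it would end the string literal early and change how the query
            // parses; bound as a literal it is only ever the value of ?pattern.
            String userInput = "\"the\"";
            TupleQuery query = con.prepareTupleQuery(QueryLanguage.SPARQL, QUERY);
            query.setBinding("pattern", vf.createLiteral(userInput));

            TupleQueryResult result = query.evaluate();
            try {
                while (result.hasNext()) {
                    BindingSet row = result.next();
                    System.out.println(row.getValue("s") + " -> " + row.getValue("name"));
                }
            } finally {
                result.close();
            }
        } finally {
            con.close();
            repo.shutDown();
        }
    }
}
```

Binding keeps the input out of the query syntax, but the value is still interpreted as a regular expression, so length limits or pattern validation on untrusted input remain a separate concern.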