49 lines
1.8 KiB
Diff
49 lines
1.8 KiB
Diff
From 64a0cec764bfdd93c5e3d57e9fc342bcc9824ea3 Mon Sep 17 00:00:00 2001
|
|
From: wang_yue111 <648774160@qq.com>
|
|
Date: Fri, 19 Mar 2021 11:45:31 +0800
|
|
Subject: [PATCH] fix CVE-2019-14900
|
|
|
|
---
|
|
.../expression/LiteralExpression.java | 20 +++++++++++++------
|
|
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
|
|
index ac485b4..6125363 100644
|
|
--- a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
|
|
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/criteria/expression/LiteralExpression.java
|
|
@@ -58,17 +58,25 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
|
|
return ':' + parameterName;
|
|
}
|
|
|
|
+ private String escapeLiteral(String literal) {
|
|
+ return literal.replace("'", "''");
|
|
+ }
|
|
+
|
|
+ private String inlineLiteral(String literal) {
|
|
+ return String.format( "\'%s\'", escapeLiteral( literal) );
|
|
+ }
|
|
+
|
|
@SuppressWarnings({ "unchecked" })
|
|
public String renderProjection(RenderingContext renderingContext) {
|
|
+ if ( ValueHandlerFactory.isCharacter( literal ) ) {
|
|
+ // In case literal is a Character, pass literal.toString() as the argument.
|
|
+ return inlineLiteral( literal.toString() );
|
|
+ }
|
|
+
|
|
// some drivers/servers do not like parameters in the select clause
|
|
final ValueHandlerFactory.ValueHandler handler =
|
|
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
|
|
- if ( ValueHandlerFactory.isCharacter( literal ) ) {
|
|
- return '\'' + handler.render( literal ) + '\'';
|
|
- }
|
|
- else {
|
|
- return handler.render( literal );
|
|
- }
|
|
+ return handler.render( literal );
|
|
}
|
|
|
|
@Override
|
|
--
|
|
2.23.0
|
|
|