Diffstat (limited to 'ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java')
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
index f9d58fee..03c8214d 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/model/runtime/ReportRuntime.java
@@ -85,6 +85,8 @@ import org.onap.portalsdk.analytics.xmlobj.DataColumnType;
import org.onap.portalsdk.analytics.xmlobj.FormFieldType;
import org.onap.portalsdk.analytics.xmlobj.ObjectFactory;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.util.SecurityCodecUtil;
+import org.owasp.esapi.ESAPI;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -2455,7 +2457,7 @@ public class ReportRuntime extends ReportWrapper implements Cloneable, Serializa
if (param.charAt(startIdx + 1) == '#') {
// Parameter is a form field value
String fieldId = param.substring(startIdx + 2, endIdx);
- String fieldValue = request.getParameter(fieldId);
+ String fieldValue = ESAPI.encoder().encodeForSQL( SecurityCodecUtil.getCodec(), request.getParameter(fieldId));
sql = Utils.replaceInString(sql, "[" + fieldId.toUpperCase()+"]", fieldValue );
}
}
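Review bot: The new `ESAPI.encoder().encodeForSQL(SecurityCodecUtil.getCodec(), ...)` call escapes the form-field value, but the statement is still assembled by text substitution in `Utils.replaceInString`, so the protection holds only if every `[FIELDID]` placeholder sits inside a quoted string literal and the codec matches the database actually in use. Neither condition is visible in this hunk, and codec escaping is not designed to constrain a value substituted into a numeric or otherwise unquoted position. If the report engine can support it, binding the value through a `PreparedStatement` parameter would be the sturdier fix, with allow-list validation of the field value as a second layer. At minimum, a comment above the changed line would record the assumption, e.g. `// encodeForSQL only protects quoted string literals: [FIELD] placeholders must be quoted in the report SQL and the codec must match the target DB`. The enclosing method starts and ends outside the hunk, so whether the non-`#` parameter branch or other substitution sites need the same treatment cannot be judged from here.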