- Open https://folio-iris.dev.folio.org/ or https://folio-snapshot.dev.folio.org
- Open the Users app
- Find sample data user "Hilll, Justen Else" and open the user record
- Click on "1 open loan" in the Loans accordion
This error message pops up:
Wayne thinks the query string is not appropriately escaped, so the parens are parsed as part of the CQL rather than part of the string.
This is the sample data loan record https://github.com/folio-org/mod-circulation-storage/blob/v12.2.1/sample-data/loans/bridget-jones-baby-item.json:
Note that there is no "loanPolicyId", no "overdueFinePolicyId" and no "lostItemPolicyId".
These properties are optional.
The front-end fetches the loan data from the /circulation/loans API that returns
This is the CQL query that the front-end sends to the /loan-policy-storage/loan-policies API:
It seems that Stripes creates the CQL query:
Stripes should always put the value into quotes and use escapeCqlValue:
where $val is
This avoids CQL injection.
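The quoting rule above, as an added example that is not Stripes code or part of the original report: it compares a query built by pasting the value in as-is with one that quotes and escapes it. `escapeCqlValueLocal` is a hypothetical stand-in for the `escapeCqlValue` helper named above, and the field name, the sample values and the handling of a missing property are assumptions.

```javascript
// Added example. escapeCqlValueLocal is a hypothetical stand-in for the
// escapeCqlValue helper named above; it is assumed to backslash-escape the
// characters that are special inside a quoted CQL string: \ " * ? ^
function escapeCqlValueLocal(value) {
  return String(value).replace(/[\\"*?^]/g, '\\$&');
}

// Before: the value is pasted into the query as-is.
function buildUnquoted(field, value) {
  return `${field}==${value}`;
}

// After: the value is always quoted and escaped. A missing optional property
// yields no query at all (assumption: the caller then skips the request).
function buildQuoted(field, value) {
  if (value === undefined || value === null) return null;
  return `${field}=="${escapeCqlValueLocal(value)}"`;
}

// Inspection helper: returns the part of a query that lies outside quoted
// strings, i.e. the text a CQL parser reads as syntax rather than as data.
function syntaxPart(cql) {
  let out = '';
  let inQuote = false;
  for (let i = 0; i < cql.length; i++) {
    const c = cql[i];
    if (inQuote && c === '\\') { i++; continue; } // skip the escaped character
    if (c === '"') { inQuote = !inQuote; continue; }
    if (!inQuote) out += c;
  }
  return out;
}

// Constructed sample values (not taken from the FOLIO sample data).
const samples = ['Policy (old) or new', 'say "hi" (x)', undefined];
for (const v of samples) {
  const before = buildUnquoted('name', v);
  const after = buildQuoted('name', v);
  console.log({ before, after, syntaxAfter: after && syntaxPart(after) });
}
```

In the quoted form only `name==` remains outside the string, so parentheses and boolean words in the value can no longer be read as CQL syntax.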