Skip to content

FINERACT-2461: Refactor EmailReadPlatformServiceImpl to use Prepared Statements #5417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Saifulhuq01 wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

FINERACT-2461: Refactor EmailReadPlatformServiceImpl to use Prepared Statements #5417

Saifulhuq01 wants to merge 1 commit into from
+57 −44

Conversation

@Saifulhuq01
Copy link

@Saifulhuq01 Saifulhuq01 commented Jan 30, 2026

Description

Refactored EmailReadPlatformServiceImpl.java to replace legacy SQL string concatenation with JDBC Prepared Statements.

This change prevents potential SQL injection vulnerabilities by using ? placeholders and passing parameters dynamically via JdbcTemplate.

Resolves FINERACT-2461.
Also related to FINERACT-2459.

Changes

  • Refactored queries in retrieveAllPending, retrieveAllSent, and other read methods to use ? placeholders.
  • Implemented List<Object> to pass parameters dynamically.
  • Applied Spotless formatting.

Checklist

  • Commit message follows guidelines
  • Coding conventions followed
  • Build is passing

Aman-Mittal
Aman-Mittal reviewed Jan 30, 2026
View reviewed changes
...org/apache/fineract/infrastructure/campaigns/email/service/EmailReadPlatformServiceImpl.java
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
Copy link
Contributor

@Aman-Mittal Aman-Mittal Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this removed?

@oleksii-novikov-onix
Copy link
Contributor

oleksii-novikov-onix commented Jan 30, 2026

These changes really improved the code, but in my opinion it would be much more beneficial to rewrite it from jdbcTemplate to Spring Data JPA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Aman-Mittal Aman-Mittal Aman-Mittal left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Saifulhuq01 @oleksii-novikov-onix @Aman-Mittal