From fcd7c7749a0c86f9b781811af6a43939602e7993 Mon Sep 17 00:00:00 2001
From: Joost van Doorn
Date: Wed, 2 Oct 2024 14:56:01 +0200
Subject: [PATCH] Update docker image
---
 docker/Dockerfile | 5 ++---
 .../be/cytomine/repository/ReviewedAnnotationListing.java | 4 ++--
 .../java/be/cytomine/service/image/ImageInstanceService.java | 5 +++--
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 66f1ff62..34da819f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -2,8 +2,7 @@ ARG CORE_VERSION
 ARG CORE_REVISION
 ARG ENTRYPOINT_SCRIPTS_VERSION=1.3.0
 ARG GRADLE_VERSION=7.2-jdk17-alpine
-ARG OPENJDK_VERSION=17-slim-bullseye
-
+ARG OPENJDK_VERSION=23-ea-17-slim-bookworm
 #######################################################################################
 # Stage: core dependencies download via gradle
@@ -93,7 +92,7 @@ ENV LANG C.UTF-8
 # base librairies and configuration
 RUN apt-get update -y \
 && apt-get install --no-install-recommends --no-install-suggests -y \
- logrotate=3.18* \
+ logrotate=3.21* \
 gettext=0.21* \
 && rm -rf /var/lib/apt/lists/* \
 && sed -i "/su root syslog/c\su root root" /etc/logrotate.conf
diff --git a/src/main/java/be/cytomine/repository/ReviewedAnnotationListing.java b/src/main/java/be/cytomine/repository/ReviewedAnnotationListing.java
index 8c72439b..bb68d3ca 100644
--- a/src/main/java/be/cytomine/repository/ReviewedAnnotationListing.java
+++ b/src/main/java/be/cytomine/repository/ReviewedAnnotationListing.java
@@ -160,7 +160,6 @@ String getUsersForTermConst(Map parameters) {
 }
 String buildExtraRequest(Map parameters) {
- // TODO: Protect query
 if (kmeansValue == 3 && image != null && bbox != null) {
 /**
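Review bot: `OPENJDK_VERSION=23-ea-17-slim-bookworm` in the first docker/Dockerfile hunk reads as an early-access build of JDK 23 (build 17), not a JDK 17 release, while the build stage still uses `GRADLE_VERSION=7.2-jdk17-alpine`. Early-access builds are pre-release snapshots that get superseded rather than patched, so the runtime image would carry a JDK outside any security-update stream. The `FROM` line that consumes this ARG is outside the hunk, so the image repository is inferred. If the goal was only the move to bookworm, which the `logrotate=3.21*` pin in the second hunk suggests, a GA JDK 17 tag on bookworm, ideally pinned by digest, keeps the runtime aligned with the compiler. At minimum the line deserves a comment such as `# 23-ea-* is an early-access JDK; replace with a GA release before production use`.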
@@ -203,7 +202,8 @@ String buildExtraRequest(Map parameters) {
 "WHERE ga.id=a.id " +
 "AND ga.id<>gb.id " +
 "AND ga.image_id=gb.image_id " +
- "AND ST_Intersects(gb.location,ST_GeometryFromText('" + bbox + "',0)))\n";
+ "AND ST_Intersects(gb.location,ST_GeometryFromText(:bbox_subRequest,0)))\n";
+ parameters.put("bbox_subRequest", bbox);
 //orderBy = ['numberOfCoveringAnnotation':'asc','id':'asc']
 orderBy = new LinkedHashMap<>(Map.of("id", "desc"));
diff --git a/src/main/java/be/cytomine/service/image/ImageInstanceService.java b/src/main/java/be/cytomine/service/image/ImageInstanceService.java
index 1104cdee..3732fd02 100644
--- a/src/main/java/be/cytomine/service/image/ImageInstanceService.java
+++ b/src/main/java/be/cytomine/service/image/ImageInstanceService.java
@@ -344,7 +344,7 @@ public Page> list(SecUser user, List s
 // TODO: Check query security
 select = "SELECT distinct " + imageInstanceAlias + ".* ";
 from = "FROM user_image "+ imageInstanceAlias + " ";
- where = "WHERE user_image_id = " + user.getId() + " ";
+ where = "WHERE user_image_id = :user_id ";
 search = "";
 if (!imageInstanceCondition.isBlank()) {
@@ -407,6 +407,7 @@ public Page> list(SecUser user, List s
 Session session = entityManager.unwrap(Session.class);
 NativeQuery query = session.createNativeQuery(request, Tuple.class);
+ query.setParameter("user_id", user.getId());
 Map mapParams = sqlSearchConditions.getSqlParameters();
 if(nameSearch!=null){
 mapParams.put("name", nameSearch.getValue());
@@ -440,9 +441,9 @@ public Page> list(SecUser user, List s
 object.put("projectName", result.get("projectName"));
 results.add(result);
 }
- // TODO: Check query security
 request = "SELECT COUNT(DISTINCT " + imageInstanceAlias + ".id) " + from + where + search;
 query = session.createNativeQuery(request);
+ query.setParameter("user_id", user.getId());
 for (Map.Entry entry : mapParams.entrySet()) {
 query.setParameter(entry.getKey(), entry.getValue());
 }
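Review bot: The `// TODO: Protect query` marker is deleted at the top of `buildExtraRequest` (hunk at -160), but the only value shown moving to a bind parameter is `bbox` in the hunk at -203. The SQL assembled between the two hunks is not visible, and the same branch is also guarded on `image`. Before dropping the marker, confirm that no other value is still concatenated into the sub-request, or keep a narrower note such as `// TODO: confirm remaining concatenated values in this sub-request are bound`. `parameters.put("bbox_subRequest", bbox)` also depends on the caller binding every entry of `parameters` to the final query, which happens outside the hunk.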
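Review bot: In ImageInstanceService.java, `query.setParameter("user_id", user.getId())` is bound before the entries of `mapParams` are applied: in the hunk at -407 it precedes the `getSqlParameters()` call, and in the count query at -440 the `for` loop visibly follows it. A search-condition parameter that happened to be named `user_id` would therefore silently replace the value that scopes the listing to the caller. Whether `sqlSearchConditions.getSqlParameters()` can produce that key is not visible here; binding the value after the loop, or using a name reserved for this method such as `:list_user_id`, removes the dependency on that. The `// TODO: Check query security` context line at -344 remains, and `imageInstanceAlias` is still concatenated into `select` and `from`, which is safe only while it stays a constant. The body of `list` starts and ends outside these hunks.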