Rajus
parameter tampering issue.
Hi All,
I am getting a Parameter_Tampering issue in my Apex code when I submit the package for security review. It comes up specifically when I use string.escapeSingleQuotes(variable) to avoid SOQL-SOSL injection.
Does anyone have an idea how to get rid of this issue? It will be more helpful to me.
Thanks,
Rajesh.
All Answers
Please tell us more about the usage like where you are exactly using this method? It would be more helpful if you paste some code related to the issue as well.
Regards
Sachin
Following is my Apex code where I am getting the above issue.
public string recid{get;set;}
In the constructor I wrote the following statement.
recid=ApexPages.currentPage().getParameters().get('id');
And I am using this recid in one of the Apex methods like below.
if(recid != null && recid != '')
List<Account> acc = [select Name from Account where id=:string.escapeSingleQuotes(recid)];
I don't know where I am going wrong. If you have any idea why this vulnerability comes up, then please let me know.
Also please let me know if you need more information.
Thanks,
Rajesh.
recid = EncodingUtil.urlEncode(ApexPages.currentPage().getParameters().get('id'),'UTF-8');
Got it to work. It is strange, but the way to do it without getting the parameter tampering warning is as below:
t = [select Id, Status__c from Ticket__c where Id =:ApexPages.currentPage().getParameters().get('id')];
If you store the get id in a variable and use the variable, then you will get the error.
(Mark as answer if it suits.)
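
A defensive way to handle the `id` page parameter this thread is about, as an added example that is not code from any poster: the raw value is parsed as an `Id`, checked against the expected object type, and only then bound into the query, in a `with sharing` class so record visibility still applies. The class name `AccountViewController` and the method `loadAccount` are hypothetical, and the example makes no claim about what the review scanner reports.

```apex
// Added example: hypothetical controller, not code from the thread.
public with sharing class AccountViewController {
    public Account acc { get; private set; }

    public AccountViewController() {
        acc = loadAccount(ApexPages.currentPage().getParameters().get('id'));
    }

    // Returns the Account named by the raw URL parameter, or null when the
    // value is missing, malformed, of another object type, or not visible
    // to the running user.
    @TestVisible
    private static Account loadAccount(String rawId) {
        if (String.isBlank(rawId)) {
            return null;
        }
        Id recordId;
        try {
            // Throws StringException for anything that is not a valid Id.
            recordId = Id.valueOf(rawId);
        } catch (StringException e) {
            return null;
        }
        // A well-formed Id of another object (for example a Contact) is
        // still a tampered parameter for this page.
        if (recordId.getSObjectType() != Account.SObjectType) {
            return null;
        }
        // Bind variable: the value is never concatenated into the query
        // text, so String.escapeSingleQuotes adds nothing here.
        List<Account> rows =
            [SELECT Name FROM Account WHERE Id = :recordId LIMIT 1];
        if (rows.isEmpty()) {
            return null;
        }
        return rows[0];
    }
}
```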