Pratik Raut 14

Parameter Tampering Issue in Security Review

 public void saveclone(){
        String deleteCustSettingId = (''+recordTypeId).substring(0,15);
        delete [SELECT id FROM CLM_Tab__c WHERE RecordType_Id__c = :deleteCustSettingId];
    }

I am using the above code and getting a parameter tampering issue during security review. Can anyone tell me what exactly I am doing wrong here?
Govindaraj
Hi Pratik,

If you store the id in a variable and use the variable then you will get the error.

Can you retrieve the id from ApexPages like below,

delete[SELECT id FROM CLM_Tab__c WHERE RecordType_Id__c =:ApexPages.currentPage().getParameters().get('recordTypeId')];

Please let us know, if this helps.

Thanks,
Govindaraj.S
Raj Vakati
If you store the value in a variable and use it, you will get the error.
In your case you are storing the recordTypeId from the URL param and using it in the query; that is causing the issue.

 
delete[SELECT id FROM CLM_Tab__c WHERE RecordType_Id__c =:ApexPages.currentPage().getParameters().get('recordTypeId').substring(0,15)];

 
Pratik Raut 14

 String taskOrderQuery = 'SELECT'+taskOrderQueryFlsChk+' From Opportunity__c Where id =\''+String.escapeSingleQuotes(ApexPages.CurrentPage().getparameters().get('tid'))+'\' Limit 1';
taskOrder = database.query(taskOrderQuery);

In the above code I have used "ApexPages.currentPage().getParameters().get('tid')" directly in the String and then I used database.query() for SOQL, and it is still giving an FSL error during Security Review.
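
An added example, not code from any poster in this thread: one defensive pattern for both snippets above is to parse each page parameter as an Id of the expected object type, check the running user's access, and use bind variables, before the value reaches DML or SOQL. CLM_Tab__c, RecordType_Id__c, Opportunity__c and the parameter names come from the posts; the class, method and exception names are hypothetical, and the fixed field list (Id, Name) stands in for the dynamic field list in the last post.

```apex
// Added example, not code from the thread. Class, method and exception names
// are hypothetical; object, field and parameter names come from the posts.
public with sharing class TabCloneController {
    public class RequestRejectedException extends Exception {}

    // Read a page parameter, parse it as an Id, and confirm the object type.
    private static Id requireId(String name, Schema.SObjectType expected) {
        String raw = ApexPages.currentPage().getParameters().get(name);
        if (String.isBlank(raw)) {
            throw new RequestRejectedException('Missing parameter ' + name);
        }
        Id parsed;
        try {
            parsed = Id.valueOf(raw);   // throws on malformed input
        } catch (Exception e) {
            throw new RequestRejectedException('Invalid value for ' + name);
        }
        if (parsed.getSObjectType() != expected) {
            throw new RequestRejectedException('Unexpected object type for ' + name);
        }
        return parsed;
    }

    public void saveClone() {
        Id rtId = requireId('recordTypeId', Schema.RecordType.SObjectType);
        // CRUD check: the running user must be allowed to delete CLM_Tab__c rows.
        if (!Schema.sObjectType.CLM_Tab__c.isDeletable()) {
            throw new RequestRejectedException('No delete access to CLM_Tab__c');
        }
        // The custom field stores the 15-character form of the record type Id.
        String key = String.valueOf(rtId).substring(0, 15);
        // "with sharing" limits the rows returned to those the user can see.
        delete [SELECT Id FROM CLM_Tab__c WHERE RecordType_Id__c = :key];
    }

    public Opportunity__c loadTaskOrder() {
        Id tid = requireId('tid', Opportunity__c.SObjectType);
        // Bind variable instead of string concatenation; WITH SECURITY_ENFORCED
        // makes the query throw if the user cannot read a selected field.
        List<Opportunity__c> rows = [SELECT Id, Name FROM Opportunity__c
                                     WHERE Id = :tid WITH SECURITY_ENFORCED LIMIT 1];
        return rows.isEmpty() ? null : rows[0];
    }
}
```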