on Jun 14, 2016Article Content
| Article Number | 000032603 |
| Applies To | RSA Product Set: RSA Identity Management and Governance RSA Version/Condition: 6.9.1 P07, 6.9.1 P08 |
| Issue | Workflow string variables that may have values that include apostrophes should be escaped so that the apostrophe character is preserved correctly and not interpreted as an SQL command. A typical way of doing this is to use an Oracle q quote to surround the variable name, as in the following example:SELECT q'[${Variable}]' FROM database;After applying 6.9.1 P07 or 6.9.1 P08 the following error occurs in the Workflow when processing a workflow if the variable is escaped in this manner. com.workpoint.common.exception.ScriptEngineException: Symbol " has not been defined. |
| Cause | Changes in the way the workflow variables are parsed were made in 6.9.1 P07 in order to prevent SQL injection attacks. This prevents the previous method of escaping workflow variables from working. |
| Resolution | This issue is resolved in RSA Via Lifecycle and Governance version 6.9.1 P09 and later. In all current versions of the product there is no longer a need to escape variable names that may contain apostrophe characters. |
| Workaround | Due to problems with the parsing of values that contain nulls, no practicable workarounds are possible on 6.9.1 P07 or P08. Please upgrade to IMG 6.9.1 P09. |