From 0c029ee8490532caee26a10cd1a09eb0fed2d354 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Fri, 9 Aug 2024 09:56:11 +0000 Subject: [PATCH] Bug 37508: (QA follow-up) Use ->check_columns Add shebang to Guided.t too. Test plan: See also previous commits. Try sql like: select access_token from oauth_access_tokens Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi Signed-off-by: Katrin Fischer --- C4/Reports/Guided.pm | 12 +++--------- t/db_dependent/Reports/Guided.t | 2 ++ 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm index 481eb0962e..1f1dd80ca2 100644 --- a/C4/Reports/Guided.pm +++ b/C4/Reports/Guided.pm @@ -624,15 +624,9 @@ sub execute_query { return ( $sth, { queryerr => $sth->errstr } ) if ( $sth->err ); - if ( $sql =~ m/password/ ) { - return ( $sth, { passworderr => "Illegal column in SQL" } ); - } - - foreach my $column ( @{ $sth->{NAME_lc} } ) { - if ( $column eq 'password' ) { - return ( $sth, { passworderr => "Illegal column in results" } ); - } - } + # Check if table.* contained forbidden column names + return ( $sth, { passworderr => "Illegal column in results" } ) + if Koha::Report->new->check_columns( undef, $sth->{NAME_lc} ); return ($sth); } diff --git a/t/db_dependent/Reports/Guided.t b/t/db_dependent/Reports/Guided.t index 18bd7763d2..e84ccc2e00 100755 --- a/t/db_dependent/Reports/Guided.t +++ b/t/db_dependent/Reports/Guided.t @@ -1,3 +1,5 @@ +#!/usr/bin/perl + # Copyright 2012 Catalyst IT Ltd. # Copyright 2015 Koha Development team #