Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 37508: (QA follow-up) Use ->check_columns

Browse source 
Add shebang to Guided.t too.

Test plan:
See also previous commits.
Try sql like:
  select access_token from oauth_access_tokens

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This commit is contained in:
Marcel de Rooy 2024-08-09 09:56:11 +00:00 committed by Tomas Cohen Arazi
parent c4ddaeb6aa
commit 4ad45ac37b
Signed by: tomascohen
GPG key ID: 0A272EA1B2F3C15F
2 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
C4/Reports/Guided.pm
View file

@ -615,15 +615,9 @@ sub execute_query {
}; };
warn $@ if $@; warn $@ if $@;
if ( $sql =~ m/password/ ) { # Check if table.* contained forbidden column names
return ( $sth, { passworderr => "Illegal column in SQL" } ); return ( $sth, { passworderr => "Illegal column in results" } )
} if Koha::Report->new->check_columns( undef, $sth->{NAME_lc} );
foreach my $column ( @{ $sth->{NAME_lc} } ) {
if ( $column eq 'password' ) {
return ( $sth, { passworderr => "Illegal column in results" } );
}
}
return ( $sth, { queryerr => $sth->errstr } ) if ($sth->err); return ( $sth, { queryerr => $sth->errstr } ) if ($sth->err);
return ( $sth ); return ( $sth );

2
t/db_dependent/Reports/Guided.t
View file

@ -1,3 +1,5 @@
#!/usr/bin/perl
# Copyright 2012 Catalyst IT Ltd. # Copyright 2012 Catalyst IT Ltd.
# Copyright 2015 Koha Development team # Copyright 2015 Koha Development team
# #