Koha/admin
Galen Charlton 94e349ff6c Bug 11666: remove SQL as an option for MARC framework exports and imports
The SQL option for MARC framework imports was subject to a bug whereby
somebody could use it to gain access to arbitrary information in the
database by uploading an SQL file containing unexpected statements.

As it is difficult to securely sanitize SQL, this patch removes the
option to use SQL as an import or export format.

To test:

[1] Verify that SQL no longer appears as an import or export option
    for the MARC frameworks.
[2] Verify that exports and imports in CSV, Excel XML, and ODS formats
    still work.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
Crafting the URL to export SQL falls back to a spreadsheet format (ODS).

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-02-05 19:48:27 +00:00
searchengine/solr Bug 8233 : SearchEngine: Add a Koha::SearchEngine module 2012-07-06 16:51:58 +02:00
admin-home.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
aqbudget_user_search.pl Bug 7304: More permissions for budgets 2012-06-27 16:25:44 +02:00
aqbudgetperiods.pl Bug 9108: Followup: send the dateformat value from C4::Auth 2013-01-17 21:59:30 -05:00
aqbudgets.pl Bug 11166: make library filter in funds administration page more precise 2013-12-20 22:49:47 +00:00
aqcontract.pl Bug 8913 [Revised] Improve acquisitions navigation 2013-02-20 09:17:21 -05:00
aqplan.pl Bug 7304: More permissions for budgets 2012-06-27 16:25:44 +02:00
auth_subfields_structure.pl Bug 11286: fix bug preventing adding a new subfield to an authority framework 2013-11-27 18:07:17 +00:00
auth_tag_structure.pl Bug 10038: (follow-up) fix tabs 2013-10-18 04:47:12 +00:00
authorised_values.pl Bug 9307: QA Followup 2013-06-19 07:19:39 -07:00
authtypes.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
biblio_framework.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
branch_transfer_limits.pl Bug 6842 FU : library transfer limits edits not stored 2012-02-01 22:47:56 +01:00
branches.pl Bug 10515: make behavior of library category fetchers consistent with other fetchers 2013-07-17 17:27:24 +00:00
categorie.pl Bug 11513: fix log warning noise in patron category editor 2014-01-31 16:15:09 +00:00
check_budget_parent.pl Bug 5385: POD Cleanups (part 1) 2010-11-12 10:06:55 +13:00
check_parent_total.pl bug4438/MT5496 budget Exceeds total allocation 2011-03-14 20:45:58 +13:00
checkmarc.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
cities.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
classsources.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
clone-rules.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
currency.pl Bug 8907 - Last updated date does not appear on currency edit form 2012-10-24 17:58:49 +02:00
didyoumean.pl Bug 8726: ExplodedTerms suggestion plugin (functionality) 2012-09-28 17:08:21 +02:00
env_tz_test.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
fieldmapping.pl Bug 8713 - Warning message triggered by clicking Keywords to MARC mapping 2012-09-17 18:48:21 +02:00
import_export_framework.pl Bug 11666: remove SQL as an option for MARC framework exports and imports 2014-02-05 19:48:27 +00:00
item_circulation_alerts.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
itemtypes.pl Bug 11163: display correct itemtype usage count when deleting an itemtype 2013-11-15 15:34:33 +00:00
koha2marclinks.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
marc_subfields_structure.pl Bug 8018: (followup) make the default more explicit 2013-12-27 00:34:50 +00:00
marctagstructure.pl Bug 8849 - Error log generated when not a demo system 2012-10-24 18:07:59 +02:00
matching-rules.pl Bug 7475: Teach matching rules to handle authorities 2012-09-19 17:15:56 +02:00
oai_set_mappings.pl Bug 9295: Introduce operator equal/ notequal to OAI set mapping instead of hardcoded 'equal' value. 2013-10-10 23:03:30 +00:00
oai_sets.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
patron-attr-types.pl Bug 7919 : Display of values depending on the connexion library 2012-12-05 10:10:57 -05:00
preferences.pl Bug 11135: (follow-up) improve testing of OVERRIDE_SYSPREF_NAMES 2013-10-31 14:21:25 +00:00
printers.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
roadtype.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
smart-rules.pl Bug 8365: Add a renewal duration in the issuing rules 2013-03-22 07:56:59 -04:00
stopwords.pl bug_8083: parameters subpermissions: manage_circ_rules and parameters_remaining_permissions 2012-07-23 10:43:59 +02:00
systempreferences.pl Bug 9760: Simplify local use preferences 2013-03-13 08:56:30 -04:00
transport-cost-matrix.pl bug_5911: Transport Cost Matrix 2012-09-12 14:49:25 +02:00
z3950servers.pl Bug 10096 - Add a Z39.50 interface for authority searching 2013-10-04 14:26:29 +00:00