Koha/C4
Andrew Moore 551b95284e bug 1953 [1/2]: fixing SQL injection problem in C4::Context->preference
C4::Context->preference was not using placeholders and was potentially vulnerable to
a SQL injection attack. This patch refactors the method to use placeholders.

Added some tests for C4::Context.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-24 11:25:58 -05:00
..
AuthoritiesMarc added C4/AuthoritesMarc/*.pm missed in previous patch 2008-01-04 19:08:30 -06:00
Barcodes Barcodes - OO replacements, extensible module, tests. 2008-07-04 09:22:22 -05:00
ClassSortRoutine ignore "/" when sorting Dewey call numbers 2007-10-23 18:24:29 -05:00
External C4/External/BakerTaylor.pm - Back end for B&T content. 2008-04-22 18:02:33 -05:00
Heading bug 2315: no crash if subfield code is a metacharacter 2008-07-08 09:36:11 -05:00
Members Bug 2176 (2/5): adding patron interface to update messaging preferences 2008-06-20 13:04:50 -05:00
OAI OAI package handle correctly unicode content 2008-07-02 12:25:32 -05:00
Search FRBR: added OPAC search result grouping option 2008-02-11 16:35:17 -06:00
SIP Interactive tests for SIP abstraction representation and Members. 2008-06-25 11:45:30 -05:00
tests Patch from Galen Charlton, removing $Id$ $Log$ and $Revision$ from files 2007-10-18 20:22:01 -05:00
VirtualShelves kohabug 2159 Improving "Lists" button list refreshes after adding/changing lists/shelves 2008-07-22 15:48:13 -05:00
Accounts.pm Fix for bug 2183, "Account tab needs spacing between description and standard text" Please note that this is a band-aid for a larger issue, described in Bug 2188 2008-05-31 21:59:52 -05:00
Acquisition.pm Refine lateorders - error feedback, filter independence 2008-07-18 13:23:51 -05:00
Amazon.pm fix for 2322: Failure to reach amazon.com to retrieve enhanced content causes fatal error in Koha 2008-07-08 16:31:04 -05:00
Auth.pm Correcting bad session var that caused Lists link not to be displayed in anonymous sessions 2008-07-23 06:49:51 -05:00
Auth_with_ldap.pm Bugfix LDAP config to play nice with Zebra. 2008-06-16 15:37:13 -05:00
AuthoritiesMarc.pm bug 2254 [1/3]: fixed GetAuthType(); avoid crash 2008-06-25 11:39:24 -05:00
BackgroundJob.pm C4 - BEGIN blocks and 1; __END__ for modules 2008-01-07 20:02:18 -06:00
Barcodes.pm Barcodes - OO replacements, extensible module, tests. 2008-07-04 09:22:22 -05:00
Biblio.pm bug 2297: improve ModBiblio() to avoid duplicate item fields 2008-07-04 09:22:13 -05:00
Bookfund.pm bug-1494, fixed bookfund modify code 2007-11-01 17:27:55 -05:00
Bookseller.pm Refine lateorders - error feedback, filter independence 2008-07-18 13:23:51 -05:00
Boolean.pm Boolean.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:24 -06:00
Branch.pm bug 1953: fixing potential SQL injection problems in C4::Branch::GetBranches 2008-05-12 15:07:17 -05:00
Breeding.pm IMPORTANT - refactor MARC character set handling 2008-02-03 07:23:56 -06:00
Calendar.pm Single FIXME comment inserted. 2008-05-29 07:04:39 -05:00
Charset.pm work around issue in MARC::Charset 2008-04-01 06:46:04 -05:00
Circulation.pm fix for bug 1551: Renewing doesn't move item... 2008-07-16 18:26:16 -05:00
ClassSortRoutine.pm call number work part 2 -- added framework for call number filing routines 2007-10-21 22:11:37 -05:00
ClassSource.pm call number work part 3 -- now using new routines to generate call number sort keys 2007-10-21 22:11:40 -05:00
Context.pm bug 1953 [1/2]: fixing SQL injection problem in C4::Context->preference 2008-07-24 11:25:58 -05:00
Dates.pm Dates.pm - trivial perldoc corrections 2008-04-08 17:00:07 -05:00
Debug.pm C4::Debug - should resolve conflict w/ CGI upload. Debug no longer uses CGI. 2008-03-16 08:32:20 -05:00
Heading.pm Porting SimpleSearch return changes to all code calling it. 2008-04-17 05:52:45 -05:00
ImportBatch.pm staging import - enhance record overlay behavior 2008-04-30 21:58:46 -05:00
Input.pm Input.pm - perldoc correction 2007-12-27 17:21:07 -06:00
Installer.pm bug: 2176 improvements to database upgrade path 2008-06-20 17:47:36 -05:00
Items.pm Bug 2094: fixing two bugs in lost items report 2008-05-11 06:48:51 -05:00
Koha.pm bug: 2272 - remove warning from C4::Koha::getitemtypeimagedir 2008-06-25 11:47:28 -05:00
Labels.pm Further fixes to Labels.pm including escaping '(' and ')' for the PDF distiller 2008-07-12 08:59:36 -05:00
Languages.pm Fix for 2184 2008-07-14 08:39:14 -05:00
Letters.pm Bug 2274 [3/5]: consolidating overdue notice cronjobs into one 2008-07-10 09:10:46 -05:00
Log.pm refactor C4::Log::logaction 2008-03-19 06:34:10 -05:00
Maintainance.pm rel_3_0 moved to HEAD (introducing new files) 2007-03-09 15:34:17 +00:00
Matcher.pm bug 1980: updating calls to SimpleSearch to limit number of things returned 2008-07-10 09:11:24 -05:00
Members.pm bug 2284: ModMember can erase the dateofbirth field 2008-07-10 09:40:46 -05:00
NewsChannels.pm NewsChannels.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:36 -06:00
Output.pm Bugfix pagination_bar to work with only one param/value pair. 2008-07-10 09:11:44 -05:00
Overdues.pm Bug 2274 [3/5]: consolidating overdue notice cronjobs into one 2008-07-10 09:10:46 -05:00
Print.pm clean up old-style calls to GetMemberDetails 2008-06-25 11:39:22 -05:00
Record.pm fixed MODS biblio export on a "standard" install 2008-04-01 06:46:08 -05:00
Reports.pm bug 2004: changes to guided reports on items 2008-04-08 17:00:12 -05:00
Reserves.pm Further update to allow notforloan < 0 items to be placed on hold. This is a workaround for the lack of a notforhold flag. 2008-07-10 15:40:06 -05:00
Review.pm minor cleanup, remove $sth->finish's. No documentation impact. 2008-05-30 10:01:06 -05:00
Scheduler.pm kohabug 1993 - task scheduler improvements 2008-06-09 06:38:03 -05:00
Scrubber.pm Unescape Comment, now that we trust Scrubber to block bad markup. 2008-05-29 06:30:51 -05:00
Search.pm Removes the Libraries facet if singleBranchMode is ON 2008-07-18 17:54:11 -05:00
Serials.pm Fix typo, which disabled receipt of non-periodic or unknown periodicity serials due to miscalculation of subscription end. 2008-07-18 13:22:30 -05:00
SMS.pm bug 2275: making SMS::Send module optional 2008-07-04 09:22:27 -05:00
Stats.pm Work in progress, working on the til reconciliation report 2008-01-07 20:49:16 -06:00
Suggestions.pm bugfix : ship utf-8 encoding in mail header 2008-05-12 10:07:55 -05:00
Tags.pm Bug 2279: TagsModeration effectiveness restored. 2008-07-22 15:45:04 -05:00
UploadedFile.pm C4 - BEGIN blocks and 1; __END__ for modules 2008-01-07 20:02:18 -06:00
Utils.pm Big LDAP changes, module test for Context.pm, still more yet to come. 2007-12-04 17:27:06 -06:00
VirtualShelves.pm Correcting C4::VirtualShelves::ShelfPossibleAction to handle the case where the staff user is the superlibrarian ($user == 0) 2008-07-23 06:49:53 -05:00
XISBN.pm Fixing isbn regex to not match unless isbn is valid 2008-05-19 13:12:18 -05:00
XSLT.pm bug 2248 [2/2]: import item status display in search results 2008-06-20 17:47:04 -05:00
Z3950.pm Z3950.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:50 -06:00