Koha/C4
Chris Nighswonger 860f1f70e5 kohabug 2458 Disallowing non-SELECT SQL in reports module
This patch enforces SELECT-only SQL in the reports module.
It introduces code to check SQL in two places. The first is
when a save is attempted on a user constructed SQL statement.
If a non-SELECT SQL statement is entered, the user will be
presented with an error message and a button giving the
option of editing the SQL. The second is when any SQL is
executed. If execution of a non-SELECT SQL statement is
attempted, the user is presented with an error message and
instructed to delete that report as the SQL is invalid.

The second check is intended as a safety net as no non-SELECT
SQL should ever be saved.

It may be well to document the proper usage of the direct SQL
entry type report.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-08-08 10:52:34 -05:00
AuthoritiesMarc added C4/AuthoritesMarc/*.pm missed in previous patch 2008-01-04 19:08:30 -06:00
Barcodes Barcodes - OO replacements, extensible module, tests. 2008-07-04 09:22:22 -05:00
ClassSortRoutine ignore "/" when sorting Dewey call numbers 2007-10-23 18:24:29 -05:00
External C4/External/BakerTaylor.pm - Back end for B&T content. 2008-04-22 18:02:33 -05:00
Heading bug 2479: allow MARC21 bib 440 to link to authorities 2008-08-06 14:49:55 -05:00
Members Bug 2176 (2/5): adding patron interface to update messaging preferences 2008-06-20 13:04:50 -05:00
OAI OAI package handle correctly unicode content 2008-07-02 12:25:32 -05:00
Search FRBR: added OPAC search result grouping option 2008-02-11 16:35:17 -06:00
SIP Interactive tests for SIP abstraction representation and Members. 2008-06-25 11:45:30 -05:00
tests Patch from Galen Charlton, removing $Id$ $Log$ and $Revision$ from files 2007-10-18 20:22:01 -05:00
VirtualShelves kohabug 2456 Moving certain C4::VirtualShelves.pm subs from EXPORT 2008-08-04 15:26:52 -05:00
Accounts.pm Remove 'Cash Refund' from manual invoice, as it calls a deprecated function. Change the code for 'forgiven' from 'F' to 'FOR', since 'F' is used for 'Fine' elsewhere in the code. Mark other subroutines as deprecated that utilize the accountoffsets table, since that functionality was lost somewhere in the 2.2 series, and half-using it breaks things. 2008-07-24 11:26:07 -05:00
Acquisition.pm bugfix for #2472 2008-08-06 07:14:01 -05:00
Amazon.pm fix for 2322: Failure to reach amazon.com to retrieve enhanced content causes fatal error in Koha 2008-07-08 16:31:04 -05:00
Auth.pm bug 2459: fix module dependency error blocking SIP2 2008-08-04 15:26:54 -05:00
Auth_with_ldap.pm Bugfix LDAP config to play nice with Zebra. 2008-06-16 15:37:13 -05:00
AuthoritiesMarc.pm bug 2254 [1/3]: fixed GetAuthType(); avoid crash 2008-06-25 11:39:24 -05:00
BackgroundJob.pm C4 - BEGIN blocks and 1; __END__ for modules 2008-01-07 20:02:18 -06:00
Barcodes.pm Barcodes - OO replacements, extensible module, tests. 2008-07-04 09:22:22 -05:00
Biblio.pm Reformatting serials item edit screen to eliminate label truncation and give it additem-like layout. Also correcting some markup errors, both in the template and in markup generated by Biblio.pm. HDL: I assume this will be superseded at some point by an include, but wasn't sure if that would be in time for 3.0. 2008-08-06 10:49:06 -05:00
Bookfund.pm bug-1494, fixed bookfund modify code 2007-11-01 17:27:55 -05:00
Bookseller.pm Refine lateorders - error feedback, filter independence 2008-07-18 13:23:51 -05:00
Boolean.pm Boolean.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:24 -06:00
Branch.pm bug 1953: fixing potential SQL injection problems in C4::Branch::GetBranches 2008-05-12 15:07:17 -05:00
Breeding.pm IMPORTANT - refactor MARC character set handling 2008-02-03 07:23:56 -06:00
Calendar.pm Single FIXME comment inserted. 2008-05-29 07:04:39 -05:00
Charset.pm work around issue in MARC::Charset 2008-04-01 06:46:04 -05:00
Circulation.pm fix for bug 1551: Renewing doesn't move item... 2008-07-16 18:26:16 -05:00
ClassSortRoutine.pm call number work part 2 -- added framework for call number filing routines 2007-10-21 22:11:37 -05:00
ClassSource.pm call number work part 3 -- now using new routines to generate call number sort keys 2007-10-21 22:11:40 -05:00
Context.pm C4::Context::import reloaded 2008-07-31 22:41:32 -05:00
Dates.pm Dates.pm - trivial perldoc corrections 2008-04-08 17:00:07 -05:00
Debug.pm C4::Debug - should resolve conflict w/ CGI upload. Debug no longer uses CGI. 2008-03-16 08:32:20 -05:00
Heading.pm Porting SimpleSearch return changes to all code calling it. 2008-04-17 05:52:45 -05:00
ImportBatch.pm bug 2423: actually ignore already-imported records 2008-07-31 23:01:40 -05:00
Input.pm Input.pm - perldoc correction 2007-12-27 17:21:07 -06:00
Installer.pm bug: 2176 improvements to database upgrade path 2008-06-20 17:47:36 -05:00
Items.pm kohabug 2427 Correcting C4::Items:: _koha_new_item to populate items.copynumber 2008-08-08 06:10:26 -05:00
Koha.pm Bug 1953 [6/6]: adding pod documentation for C4::Koha::displayServers 2008-07-30 03:45:24 -05:00
Labels.pm Further fixes to Labels.pm including escaping '(' and ')' for the PDF distiller 2008-07-12 08:59:36 -05:00
Languages.pm Fix for 2184 2008-07-14 08:39:14 -05:00
Letters.pm Bug 2274 [3/5]: consolidating overdue notice cronjobs into one 2008-07-10 09:10:46 -05:00
Log.pm refactor C4::Log::logaction 2008-03-19 06:34:10 -05:00
Maintainance.pm rel_3_0 moved to HEAD (introducing new files) 2007-03-09 15:34:17 +00:00
Matcher.pm bug 1980: updating calls to SimpleSearch to limit number of things returned 2008-07-10 09:11:24 -05:00
Members.pm Patron import reform - bug 2287 - expanded error catching and feedback 2008-08-06 09:37:03 -05:00
NewsChannels.pm NewsChannels.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:36 -06:00
Output.pm Bugfix pagination_bar to work with only one param/value pair. 2008-07-10 09:11:44 -05:00
Overdues.pm partial fix for #2471, (overdue notice sent twice) 2008-08-06 14:49:44 -05:00
Print.pm clean up old-style calls to GetMemberDetails 2008-06-25 11:39:22 -05:00
Record.pm fixed MODS biblio export on a "standard" install 2008-04-01 06:46:08 -05:00
Reports.pm kohabug 2458 Disallowing non-SELECT SQL in reports module 2008-08-08 10:52:34 -05:00
Reserves.pm Further update to allow notforloan < 0 items to be placed on hold. This is a workaround for the lack of a notforhold flag. 2008-07-10 15:40:06 -05:00
Review.pm minor cleanup, remove $sth->finish's. No documentation impact. 2008-05-30 10:01:06 -05:00
Scheduler.pm kohabug 1993 - task scheduler improvements 2008-06-09 06:38:03 -05:00
Scrubber.pm Unescape Comment, now that we trust Scrubber to block bad markup. 2008-05-29 06:30:51 -05:00
Search.pm Removes the Libraries facet if singleBranchMode is ON 2008-07-18 17:54:11 -05:00
Serials.pm Bug fixing: 2470 Serials forgetting library 2008-08-06 09:35:44 -05:00
SMS.pm bug 2275: making SMS::Send module optional 2008-07-04 09:22:27 -05:00
Stats.pm Work in progress, working on the til reconciliation report 2008-01-07 20:49:16 -06:00
Suggestions.pm bugfix: ship utf-8 encoding in mail header 2008-05-12 10:07:55 -05:00
Tags.pm Bug 2279: TagsModeration effectiveness restored. 2008-07-22 15:45:04 -05:00
UploadedFile.pm C4 - BEGIN blocks and 1; __END__ for modules 2008-01-07 20:02:18 -06:00
Utils.pm Big LDAP changes, module test for Context.pm, still more yet to come. 2007-12-04 17:27:06 -06:00
VirtualShelves.pm bug 2459: fix module dependency error blocking SIP2 2008-08-04 15:26:54 -05:00
XISBN.pm Fixing isbn regex to not match unless isbn is valid 2008-05-19 13:12:18 -05:00
XSLT.pm bug 2248 [2/2]: import item status display in search results 2008-06-20 17:47:04 -05:00
Z3950.pm Z3950.pm - BEGIN block VERSION and vars related to export. 2008-01-07 20:02:50 -06:00