860f1f70e5
This patch enforces SELECT-only SQL in the reports module. It introduces code to check SQL in two places. The first is when a save is attempted on a user constructed SQL statement. If a non-SELECT SQL statement is entered, the user will be presented with an error message and a button giving the option of editing the SQL. The second is when any SQL is executed. If execution of a non-SELECT SQL statement is attempted, the user is presented with an error message and instructed to delete that report as the SQL is invalid. The second check is intended as a safety net as no non-SELECT SQL should ever be saved. It may be well to document the proper usage of the direct SQL entry type report.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>

acqui
admin
authorities
catalogue
cataloguing
circ
errors
help
installer
labels
maint
members
reports
reserve
reviews
serials
sms
suggestion
tags
tools
virtualshelves
z3950
about.tmpl
auth.tmpl
intranet-main.tmpl