Koha/C4/Utils at 893e60acbc1f0acb22a9bfe85219fcf76af41092 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Jonathan Druart 893e60acbc Bug 27715: Sanitize order by DT params We are not on the safe side when we build the ORDER BY clause from the DataTables parameters. I've started to limit the columns by using Koha::Objects->columns, but for instance for the patron search we need (at least) the columns from the branches, categories and members tables. It seems easier, and still safe, to use a regex. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	2021-02-24 00:12:59 +01:00
..
DataTables	Bug 27673: Replace YAML with YAML::XS	2021-02-16 14:54:50 +01:00
DataTables.pm	Bug 27715: Sanitize order by DT params	2021-02-24 00:12:59 +01:00

Jonathan Druart 893e60acbc Bug 27715: Sanitize order by DT params

We are not on the safe side when we build the ORDER BY clause from the
DataTables parameters.

I've started to limit the columns by using Koha::Objects->columns, but
for instance for the patron search we need (at least) the columns from
the branches, categories and members tables.
It seems easier, and still safe, to use a regex.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

2021-02-24 00:12:59 +01:00

DataTables

Bug 27673: Replace YAML with YAML::XS

2021-02-16 14:54:50 +01:00

DataTables.pm

Bug 27715: Sanitize order by DT params

2021-02-24 00:12:59 +01:00