Koha/reports
Chris Nighswonger 860f1f70e5 kohabug 2458 Disallowing non-SELECT SQL in reports module
This patch enforces SELECT-only SQL in the reports module.
It introduces code to check SQL in two places. The first is
when a save is attempted on a user-constructed SQL statement.
If a non-SELECT SQL statement is entered, the user will be
presented with an error message and a button giving the
option of editing the SQL. The second is when any SQL is
executed. If execution of a non-SELECT SQL statement is
attempted, the user is presented with an error message and
instructed to delete that report as the SQL is invalid.

The second check is intended as a safety net as no non-SELECT
SQL should ever be saved.

It may be well to document the proper usage of the direct SQL
entry type report.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-08-08 10:52:34 -05:00
acquisitions_stats.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
bor_issues_top.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
borrowers_out.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
borrowers_stats.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
cat_issues_top.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
catalogue_out.pl Total overhaul of broken "Items with no checkouts" report. 2008-07-10 09:11:32 -05:00
catalogue_stats.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
dictionary.pl kohabug 1679 & 1680 Fixes date formatting in guided reports wizard 2008-08-04 15:26:49 -05:00
guided_reports.pl kohabug 2458 Disallowing non-SELECT SQL in reports module 2008-08-08 10:52:34 -05:00
issues_avg_stats.pl kohabug 2345: bad comparisons pervade reports 2008-07-27 06:11:08 -05:00
issues_by_borrower_category.plugin BugFixing : 1299 /displaying lists for document types and borrower categories 2008-01-17 21:00:59 -06:00
issues_stats.pl Report cleanup - fix highlight, add debugging feedback 2008-07-12 08:59:38 -05:00
itemslost.pl Bug 2094: fixing two bugs in lost items report 2008-05-11 06:48:51 -05:00
itemtypes.plugin Fix 'Catalog by Itemtype' report to work with item-level itypes 2008-07-25 08:49:45 -05:00
manager.pl reports subdir - Dates.pm integration and warnings fixes. 2007-12-04 18:21:02 -06:00
reports-home.pl fixing permissions on scripts 2007-08-13 12:22:30 -05:00
reservereport.pl item rework: moved various accessor functions 2008-01-03 16:25:05 -06:00
stats.print.pl functions that were in C4::Interface::CGI::Output are now in C4::Output. 2007-04-24 13:54:28 +00:00
stats.screen.pl stats.screen.pl - cleanup, conditionalize warns w/ Debug 2008-04-22 18:02:50 -05:00