Koha/svc
Aleisha Amohia 947865f83b
Bug 37508: Throw error if password column is detected in SQL report
This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-08-16 16:22:23 +02:00
..
cataloguing
club Bug 37031: Club enrollment from staff interface fails due to Entrollment typo 2024-07-11 13:40:49 +02:00
config
letters
mana
members
records
virtualshelves
article_request
authentication Bug 36700: Update svc to use CSRF-TOKEN 2024-05-01 13:40:19 +01:00
authorised_values
barcode Bug 37464: Validate "type" sent to barcode/svc 2024-08-16 16:22:21 +02:00
bib Bug 36891: Restore returning 404 from svc/bib when the bib number doesn't exist 2024-06-27 11:50:00 +02:00
bib_framework
bib_profile
checkin
checkout_notes
checkouts
convert_report
cover_images
creator_batches
holds
import_bib Bug 33418: Add overlay_framework option to connexion scripts 2024-05-10 16:45:50 +02:00
localization
new_bib
problem_reports
recall
renew
report Bug 37508: Throw error if password column is detected in SQL report 2024-08-16 16:22:23 +02:00
return_claims
split_callnumbers