860f1f70e5
This patch enforces SELECT-only SQL in the reports module. It introduces code to check SQL in two places. The first is when a save is attempted on a user constructed SQL statement. If a non-SELECT SQL statement is entered, the user will be presented with an error message and a button giving the option of editing the SQL. The second is when any SQL is executed. If execution of a non-SELECT SQL statement is attempted, the user is presented with an error message and instructed to delete that report as the SQL is invalid. The second check is intended as a safety net as no non-SELECT SQL should ever be saved. It may be well to document the proper usage of the direct SQL entry type report. Signed-off-by: Joshua Ferraro <jmf@liblime.com> |
||
|---|---|---|
| .. | ||
| acquisitions_stats.pl | ||
| bor_issues_top.pl | ||
| borrowers_out.pl | ||
| borrowers_stats.pl | ||
| cat_issues_top.pl | ||
| catalogue_out.pl | ||
| catalogue_stats.pl | ||
| dictionary.pl | ||
| guided_reports.pl | ||
| issues_avg_stats.pl | ||
| issues_by_borrower_category.plugin | ||
| issues_stats.pl | ||
| itemslost.pl | ||
| itemtypes.plugin | ||
| manager.pl | ||
| reports-home.pl | ||
| reservereport.pl | ||
| stats.print.pl | ||
| stats.screen.pl | ||