git.koha-community.org Git - koha.git/commit
Bug 10033 - dangerous query in _koha_modify_item
author Fridolyn SOMERS <fridolyn.somers@biblibre.com>
Fri, 12 Apr 2013 15:24:17 +0000 (17:24 +0200)
committer Chris Cormack <chris@bigballofwax.co.nz>
Thu, 9 May 2013 07:23:26 +0000 (19:23 +1200)
commit 60465fc463618be1bb07e948ab79aaee71e14e9c
tree 17e60707a5b3e81b7267d43f16b6a33b2e7e7443
parent 700af3fb2131ea540a800978146493db24fb8725
Bug 10033 - dangerous query in _koha_modify_item

The SQL query built in C4::Items::_koha_modify_item performs an update on a row of the items table identified by itemnumber.
Actually the query is built using a hash of data:
    for my $key ( keys %$item ) {
        $query.="$key=?,";
        push @bind, $item->{$key};
    }
But this hash contains the 'itemnumber' key, so you get an update including the primary key.
It is actually harmless but may be dangerous.

This patch simply skips the itemnumber key in the above loop.

Test plan:
Check you can create and modify items.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
(cherry picked from commit 598dfe27224f517fafa06df75521c623992ecbe0)

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
(cherry picked from commit ba8e383cf6835e204259063e6c18ac9c3892029b)

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
C4/Items.pm
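
The effect described in the commit message, as an added example (not code from Koha or from this commit): it builds the UPDATE statement with and without the primary key in the SET clause. The helper name `build_item_update`, the sample item and the `WHERE itemnumber=?` tail are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Koha's code): builds the UPDATE in the way the
# commit message describes, optionally skipping the primary key column.
sub build_item_update {
    my ( $item, $skip_pk ) = @_;
    my ( @set, @bind );
    for my $key ( sort keys %$item ) {    # sorted only to keep the output stable
        next if $skip_pk && $key eq 'itemnumber';
        push @set,  "$key=?";
        push @bind, $item->{$key};
    }

    # Assumed shape of the rest of the statement: the row is selected by
    # itemnumber, so its value is bound once more for the WHERE clause.
    my $query = 'UPDATE items SET ' . join( ',', @set ) . ' WHERE itemnumber=?';
    push @bind, $item->{itemnumber};
    return ( $query, @bind );
}

# Constructed sample item, not real data.
my $item = { itemnumber => 42, barcode => 'B0001', notforloan => 0 };

for my $skip_pk ( 0, 1 ) {
    my ( $query, @bind ) = build_item_update( $item, $skip_pk );
    my $label = $skip_pk ? 'after ' : 'before';
    print "$label: $query\n";
    print "        binds: @bind\n";
}
```

In the "before" form the primary key is rewritten with the same value it is selected by, which is why it is harmless only as long as the hash value and the WHERE value stay identical. Only the values are bound as placeholders here; the column names come straight from the hash keys, so the caller has to control them.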