git.koha-community.org Git - koha.git/commit
Bug 37508: Throw error if password column is detected in SQL report
author Aleisha Amohia <aleishaamohia@hotmail.com>
Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Mon, 12 Aug 2024 18:35:12 +0000 (15:35 -0300)
commit 62874e328dcf8e7f619bb2f91fc07daaef349688
tree 9ee1f7dd72754167a967c67cf5b36948465e708a
parent a9a81c97e4efc1a511705e29aff5ef5e0493119a

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Reports/Guided.pm
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
svc/report
t/db_dependent/Reports/Guided.t