git.koha-community.org Git - koha.git/commit
Bug 37508: Throw error if password column is detected in SQL report
author Aleisha Amohia <aleishaamohia@hotmail.com>
Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 13 Aug 2024 14:05:32 +0000 (11:05 -0300)
commit 73880de0c4083cefefc2cbd1986378d50436c532
tree 27f26186d56e02842366a7966d8853189a005da5
parent b45f0e9978ef1ca97b3226bc500107806a487b12
This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Reports/Guided.pm
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
svc/report
t/db_dependent/Reports/Guided.t
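
An added example, not Koha's code (Koha is Perl; Python with an in-memory SQLite database stands in here): one way to refuse a report that would return a password column, checking both the SQL text and the result-set column names before any row is handed back. The names `run_report`, `FORBIDDEN_COLUMNS`, `ForbiddenColumnError` and the sample `borrowers` table contents are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed deny-list; the commit message names only the password column.
FORBIDDEN_COLUMNS = {"password"}
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class ForbiddenColumnError(Exception):
    """Raised instead of returning rows when a report exposes a forbidden column."""


def forbidden_in_sql(sql):
    """Return forbidden identifiers that appear as whole tokens in the SQL text."""
    return {tok.lower() for tok in _IDENT.findall(sql)} & FORBIDDEN_COLUMNS


def run_report(conn, sql, params=()):
    """Run a report; raise before any row is returned if a forbidden column is involved."""
    # Check 1: the query text. Fails closed, so a literal 'password' also trips it.
    hits = forbidden_in_sql(sql)
    if hits:
        raise ForbiddenColumnError("illegal column in SQL: %s" % sorted(hits))
    cur = conn.execute(sql, params)
    # Check 2: result-set metadata lists the actual output columns, which
    # covers queries such as SELECT * that never spell the column name.
    desc = cur.description or ()
    hits = {d[0].lower() for d in desc} & FORBIDDEN_COLUMNS
    if hits:
        cur.close()  # discard the cursor without fetching any rows
        raise ForbiddenColumnError("illegal column in results: %s" % sorted(hits))
    return [d[0] for d in desc], cur.fetchall()


def make_sample_db():
    """Constructed sample data: a minimal borrowers table with a password column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE borrowers (borrowernumber INTEGER, surname TEXT, password TEXT)")
    conn.execute("INSERT INTO borrowers VALUES (1, 'Example', 'CONSTRUCTED-HASH')")
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(run_report(db, "SELECT surname FROM borrowers"))
    for q in ("SELECT password FROM borrowers", "SELECT * FROM borrowers"):
        try:
            run_report(db, q)
        except ForbiddenColumnError as err:
            print("blocked:", q, "->", err)
```
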