git.koha-community.org Git - koha.git/commit
Bug 37508: Throw error if password column is detected in SQL report
author Aleisha Amohia <aleishaamohia@hotmail.com>
Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 13 Aug 2024 14:54:01 +0000 (11:54 -0300)
commit 09315dfb281caf9197aa8f993d41e6cbb0382e82
tree 61cded987d076868ced9ef6a964b07489cdf7851
parent 5514a673e8810f6ebfc8d7312994a02cbf74a54d
Bug 37508: Throw error if password column is detected in SQL report

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Reports/Guided.pm
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
svc/report
t/db_dependent/Reports/Guided.t
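
The behaviour the commit message and test plan describe, as an added example (not code from this commit or from Koha): a report runner that checks the result column names the driver reports and refuses the query if one is a password column, with the JSON path going through the same guard. It assumes Python's built-in SQLite as a stand-in database; `run_report`, `report_as_json`, `IllegalColumnError` and the `patrons` table are hypothetical names.

```python
import json
import sqlite3

# Assumption: the guarded column name; names are compared case-insensitively.
BLOCKED_COLUMNS = {"password"}


class IllegalColumnError(Exception):
    """Raised when a report's result set would expose a blocked column."""


def run_report(conn, sql):
    """Run a report, refusing it if any result column is blocked."""
    cur = conn.execute(sql)
    # Inspect the column names the driver reports for the statement,
    # before any row is fetched. This also covers SELECT *, where the
    # word "password" never appears in the SQL text.
    names = [col[0] for col in cur.description or []]
    blocked = sorted(n for n in names if n.lower() in BLOCKED_COLUMNS)
    if blocked:
        cur.close()
        raise IllegalColumnError("illegal column in report: " + ", ".join(blocked))
    return names, cur.fetchall()


def report_as_json(conn, sql):
    """JSON endpoint: the same guard applies, so an error replaces the rows."""
    try:
        names, rows = run_report(conn, sql)
    except IllegalColumnError as exc:
        return json.dumps({"error": str(exc)})
    return json.dumps([dict(zip(names, row)) for row in rows])


def sample_db():
    """Constructed in-memory table standing in for one with a password column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patrons (id INTEGER, cardnumber TEXT, password TEXT)")
    conn.execute("INSERT INTO patrons VALUES (1, 'C001', 'constructed-hash')")
    return conn
```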