Bug 11666: remove SQL as an option for MARC framework exports and imports
The SQL option for MARC framework imports was subject to a bug whereby
somebody could use it to gain access to arbitrary information in the
database by uploading an SQL file containing unexpected statements.
As it is difficult to securely sanitize SQL, this patch removes the
option to use SQL as an import or export format.
To test:
[1] Verify that SQL no longer appears as an import or export option
for the MARC frameworks.
[2] Verify that exports and imports in CSV, Excel XML, and ODS formats
still work.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as advertised. The UI doesn't offer exporting/importing in the SQL format.
Crafting the URL to export SQL fallbacks to a spreadsheet format (ODS).
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes all tests and QA script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
(cherry picked from commit
94e349ff6ce4a1abb313102decc12429d02dfb4b)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
There were conflicts on the template. The modified strings wont get translated
but in as it is an administrative feature that not everyone uses on a daily basis
I think it wont hurt. And will get fixed in a couple of weeks anyway.
(cherry picked from commit
41e17032d6bc70ceea08c73eb2d8350cb99aa57f)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
(cherry picked from commit
41e17032d6bc70ceea08c73eb2d8350cb99aa57f)
projects / koha.git / commit