git.koha-community.org Git - koha.git/commit
Bug 37508: Throw error if password column is detected in SQL report
author Aleisha Amohia <aleishaamohia@hotmail.com>
Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 13 Aug 2024 05:03:22 +0000 (02:03 -0300)
commit 38364e9a17166301ab7d1ffcfd38ba3d0508fc1d
tree ff5c98788e824f86d296dd678776e70e6cb2dfa8
parent c7c5250cfe714d0ced2c2b499c80da88b2eae95d

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Reports/Guided.pm
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
svc/report
t/db_dependent/Reports/Guided.t