git.koha-community.org Git - koha.git/commit
Bug 37508: Throw error if password column is detected in SQL report
author Aleisha Amohia <aleishaamohia@hotmail.com>
Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)
committer Katrin Fischer <katrin.fischer@bsz-bw.de>
Fri, 16 Aug 2024 14:22:23 +0000 (16:22 +0200)
commit 947865f83b11ddf32155db7acf89b6b389b99842
tree 65fd7b48643d5f83e6accff642247ecd1252252d
parent aec8c65336e90b2f3eaf696cda046a3f6d8c7b79

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
C4/Reports/Guided.pm
koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
svc/report
t/db_dependent/Reports/Guided.t