From ded29930eb02bd39f8c94fe59496612f5a925ae0 Mon Sep 17 00:00:00 2001 From: Lucas Gass Date: Tue, 26 Mar 2024 15:45:52 +0000 Subject: [PATCH] Bug 36244: DBRev 23.05.09.001 part 2 Signed-off-by: Lucas Gass --- installer/data/mysql/db_revs/230509001.pl | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100755 installer/data/mysql/db_revs/230509001.pl diff --git a/installer/data/mysql/db_revs/230509001.pl b/installer/data/mysql/db_revs/230509001.pl new file mode 100755 index 0000000000..5fd40ecb2d --- /dev/null +++ b/installer/data/mysql/db_revs/230509001.pl @@ -0,0 +1,27 @@ +use Modern::Perl; + +return { + bug_number => "36244", + description => "Template Toolkit syntax not escaped in letter templates", + up => sub { + my ($args) = @_; + my ( $dbh, $out ) = @$args{qw(dbh out)}; + + my $query = q{SELECT * FROM letter WHERE content LIKE "[|%%SET%<<%|%]" ESCAPE '|'}; + my $sth = $dbh->prepare($query); + $sth->execute(); + if ( $sth->rows ) { + say $out "You have one or more templates that have been affected by bug 36244."; + say $out "These templates assign template toolkit variables values"; + say $out "using the double arrows syntax. E.g. [% SET name = '<>' %]"; + say $out + "This will no longer function correctly as Template Toolkit is now rendered before the double arrow syntax."; + say $out "The following notices will need to be updated:"; + + while ( my $row = $sth->fetchrow_hashref() ) { + say $out + "ID: $row->{id} / MODULE: $row->{module} / CODE: $row->{code} / BRANCHCODE: $row->{branchcode} / NAME: $row->{name}"; + } + } + }, +}; -- 2.39.5