From f9f01ab88fc373074ec4d78d9f98d9b23864642e Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Fri, 9 Aug 2024 09:56:11 +0000 Subject: [PATCH] Bug 37508: (QA follow-up) Use ->check_columns Add shebang to Guided.t too. Test plan: See also previous commits. Try sql like: select access_token from oauth_access_tokens Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- C4/Reports/Guided.pm | 12 +++--------- t/db_dependent/Reports/Guided.t | 2 ++ 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm index 20d74bb72c..626fb4b15a 100644 --- a/C4/Reports/Guided.pm +++ b/C4/Reports/Guided.pm @@ -615,15 +615,9 @@ sub execute_query { }; warn $@ if $@; - if ( $sql =~ m/password/ ) { - return ( $sth, { passworderr => "Illegal column in SQL" } ); - } - - foreach my $column ( @{ $sth->{NAME_lc} } ) { - if ( $column eq 'password' ) { - return ( $sth, { passworderr => "Illegal column in results" } ); - } - } + # Check if table.* contained forbidden column names + return ( $sth, { passworderr => "Illegal column in results" } ) + if Koha::Report->new->check_columns( undef, $sth->{NAME_lc} ); return ( $sth, { queryerr => $sth->errstr } ) if ($sth->err); return ( $sth ); diff --git a/t/db_dependent/Reports/Guided.t b/t/db_dependent/Reports/Guided.t index 18bd7763d2..e84ccc2e00 100755 --- a/t/db_dependent/Reports/Guided.t +++ b/t/db_dependent/Reports/Guided.t @@ -1,3 +1,5 @@ +#!/usr/bin/perl + # Copyright 2012 Catalyst IT Ltd. # Copyright 2015 Koha Development team # -- 2.39.5