From ded29930eb02bd39f8c94fe59496612f5a925ae0 Mon Sep 17 00:00:00 2001
From: Lucas Gass <lucas@bywatersolutions.com>
Date: Tue, 26 Mar 2024 15:45:52 +0000
Subject: [PATCH] Bug 36244: DBRev 23.05.09.001 part 2

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 installer/data/mysql/db_revs/230509001.pl | 27 +++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100755 installer/data/mysql/db_revs/230509001.pl

diff --git a/installer/data/mysql/db_revs/230509001.pl b/installer/data/mysql/db_revs/230509001.pl
new file mode 100755
index 0000000000..5fd40ecb2d
--- /dev/null
+++ b/installer/data/mysql/db_revs/230509001.pl
@@ -0,0 +1,27 @@
+use Modern::Perl;
+
+return {
+    bug_number  => "36244",
+    description => "Template Toolkit syntax not escaped in letter templates",
+    up          => sub {
+        my ($args) = @_;
+        my ( $dbh, $out ) = @$args{qw(dbh out)};
+
+        my $query = q{SELECT * FROM letter WHERE content LIKE "[|%%SET%<<%|%]" ESCAPE '|'};
+        my $sth   = $dbh->prepare($query);
+        $sth->execute();
+        if ( $sth->rows ) {
+            say $out "You have one or more templates that have been affected by bug 36244.";
+            say $out "These templates assign template toolkit variables values";
+            say $out "using the double arrows syntax. E.g. [% SET name = '<<branches.branchname>>' %]";
+            say $out
+                "This will no longer function correctly as Template Toolkit is now rendered before the double arrow syntax.";
+            say $out "The following notices will need to be updated:";
+
+            while ( my $row = $sth->fetchrow_hashref() ) {
+                say $out
+                    "ID: $row->{id} / MODULE: $row->{module} / CODE: $row->{code} / BRANCHCODE: $row->{branchcode} / NAME: $row->{name}";
+            }
+        }
+    },
+};
-- 
2.39.5