From 7f8523ed965371de38d7c805b187d61c40b3b5da Mon Sep 17 00:00:00 2001
From: Katrin Fischer <katrin.fischer@bsz-bw.de>
Date: Wed, 3 Apr 2024 14:27:42 +0000
Subject: [PATCH] Bug 36244: DBRev 23.12.00.014

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
---
 Koha.pm                                   |  2 +-
 installer/data/mysql/db_revs/231200014.pl | 27 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100755 installer/data/mysql/db_revs/231200014.pl

diff --git a/Koha.pm b/Koha.pm
index a20a452620..6c321e6b43 100644
--- a/Koha.pm
+++ b/Koha.pm
@@ -29,7 +29,7 @@ use vars qw{ $VERSION };
 # - #4 : the developer version. The 4th number is the database subversion.
 #        used by developers when the database changes. updatedatabase take care of the changes itself
 #        and is automatically called by Auth.pm when needed.
-$VERSION = "23.12.00.013";
+$VERSION = "23.12.00.014";
 
 sub version {
     return $VERSION;
diff --git a/installer/data/mysql/db_revs/231200014.pl b/installer/data/mysql/db_revs/231200014.pl
new file mode 100755
index 0000000000..5fd40ecb2d
--- /dev/null
+++ b/installer/data/mysql/db_revs/231200014.pl
@@ -0,0 +1,27 @@
+use Modern::Perl;
+
+return {
+    bug_number  => "36244",
+    description => "Template Toolkit syntax not escaped in letter templates",
+    up          => sub {
+        my ($args) = @_;
+        my ( $dbh, $out ) = @$args{qw(dbh out)};
+
+        my $query = q{SELECT * FROM letter WHERE content LIKE "[|%%SET%<<%|%]" ESCAPE '|'};
+        my $sth   = $dbh->prepare($query);
+        $sth->execute();
+        if ( $sth->rows ) {
+            say $out "You have one or more templates that have been affected by bug 36244.";
+            say $out "These templates assign template toolkit variables values";
+            say $out "using the double arrows syntax. E.g. [% SET name = '<<branches.branchname>>' %]";
+            say $out
+                "This will no longer function correctly as Template Toolkit is now rendered before the double arrow syntax.";
+            say $out "The following notices will need to be updated:";
+
+            while ( my $row = $sth->fetchrow_hashref() ) {
+                say $out
+                    "ID: $row->{id} / MODULE: $row->{module} / CODE: $row->{code} / BRANCHCODE: $row->{branchcode} / NAME: $row->{name}";
+            }
+        }
+    },
+};
-- 
2.39.5