From 5fc93bce9b786797724539bea1a1689e959078e6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Marc=20V=C3=A9ron?= Date: Sun, 18 Oct 2015 16:28:52 +0200 Subject: [PATCH] Bug 12721 - Prevent software error if incorrect fieldnames given in sypref StatisticsFields To reproduce issue: See comment #1 To test: - Apply patch - Leave syspref StatisticsFields empty - Display statistics for an author => Result: Table displays Shelving location, Collection code, Item type (as before) - Change syspref to any combination of location|itype|ccode => Result: Table displays columns as appropriate - Change syspref to some garbage => Result: Same as with empty syspref (was crashing without patch) - Change syspref to valid combination with trailing | => Result: Table displays columns as appropriate (was crashing without patch) - Change syspref to a combination of valid and invalid fields (location|blah|ccode) => Result: Table displays column of valid fields only (was crashing without patch) Signed-off-by: Aleisha Signed-off-by: Katrin Fischer Signed-off-by: Brendan Gallagher --- C4/Members/Statistics.pm | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/C4/Members/Statistics.pm b/C4/Members/Statistics.pm index 2dffd30242..c491819a1e 100644 --- a/C4/Members/Statistics.pm +++ b/C4/Members/Statistics.pm @@ -43,13 +43,34 @@ BEGIN { our $fields = get_fields(); + +=head2 get_fields + Get fields form syspref 'StatisticsFields' + Returns list of valid fields, defaults to 'location|itype|ccode' + if syspref is empty or does not contain valid fields +=cut + + sub get_fields { - my $r = C4::Context->preference('StatisticsFields') || 'location|itype|ccode'; - unless ( $r =~ m/^(\w|\d|\||-)+$/) { - warn "Members/Statistics : Bad value for syspref StatisticsFields" if $debug; - $r = 'location|itype|ccode'; + + my $syspref = C4::Context->preference('StatisticsFields'); + my $ret; + + if ( $syspref ) { + my @ret; + my @spfields = split ('\|', $syspref); + my $dbh=C4::Context->dbh; + my $sth = $dbh->prepare('SHOW COLUMNS FROM items'); + $sth->execute; + my $dbfields = $sth->fetchall_hashref('Field'); + $sth->finish(); + + foreach my $fn ( @spfields ) { + push ( @ret, $fn ) if ( $dbfields->{ $fn } ); + } + $ret = join( '|', @ret); } - return $r; + return $ret || 'location|itype|ccode'; } =head2 construct_query -- 2.39.5