From 99e25ff30dd574ac2dc13e3e73cdccee6f44ce1f Mon Sep 17 00:00:00 2001
From: David Cook
Date: Thu, 3 Jul 2014 16:32:57 +1000
Subject: [PATCH] Bug 12522 - Fatal database error when viewing Holds for Bib with no Items

This patch fixes some potential SQL syntax errors, which can cause fatal software errors in Koha when the environmental variable DEBUG is on.
_TEST PLAN_
Before applying:
0) Ensure that you don't have "SetEnv DEBUG 1" in your Apache config
1) Create a new bib record
2) Click on the "Holds" tab before creating any items
3) Note the message "Cannot place hold: this record has no items attached."
4) Add "SetEnv DEBUG 1" to your Apache config
5) Restart Apache
6) Refresh your page
7) Note the following Software Error: "DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 3 at /koha/lib/C4/Koha.pm line 835.
8) Apply the patch
9) Refresh your page
10) Note the message from Step 3
Thorough tester:
11) Remove "SetEnv DEBUG 1" from your Apache config, restart Apache, and refresh your page. You should see the message from Step 3.
Signed-off-by: Bernardo Gonzalez Kriegel
Error reproduced, patch fixes it. Tested following test plan, no koha-qa errors.
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 C4/Biblio.pm | 8 +++++---
 C4/Items.pm | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/C4/Biblio.pm b/C4/Biblio.pm
index b0c7ad7bf1..a1005001e9 100644
--- a/C4/Biblio.pm
+++ b/C4/Biblio.pm
@@ -1074,13 +1074,15 @@ sub GetBiblio {
 sub GetBiblioItemInfosOf {
 my @biblioitemnumbers = @_;
- my $query = '
+ my $biblioitemnumber_values = @biblioitemnumbers ? join( ',', @biblioitemnumbers ) : "''";
+
+ my $query = "
 SELECT biblioitemnumber,
 publicationyear,
 itemtype
 FROM biblioitems
- WHERE biblioitemnumber IN (' . join( ',', @biblioitemnumbers ) . ')
- ';
+ WHERE biblioitemnumber IN ($biblioitemnumber_values)
+ ";
 return get_infos_of( $query, 'biblioitemnumber' );
 }
diff --git a/C4/Items.pm b/C4/Items.pm
index 1781880095..6ab04e3345 100644
--- a/C4/Items.pm
+++ b/C4/Items.pm
@@ -1145,11 +1145,13 @@ sub GetItemsCount {
 sub GetItemInfosOf {
 my @itemnumbers = @_;
- my $query = '
+ my $itemnumber_values = @itemnumbers ? join( ',', @itemnumbers ) : "''";
+
+ my $query = "
 SELECT *
 FROM items
- WHERE itemnumber IN (' . join( ',', @itemnumbers ) . ')
- ';
+ WHERE itemnumber IN ($itemnumber_values)
+ ";
 return get_infos_of( $query, 'itemnumber' );
 }
-- 
2.20.1
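Review bot: The IN list in GetBiblioItemInfosOf is still assembled by joining the caller's arguments straight into the SQL text, so the empty-list fix leaves the query open to injection if any caller ever passes a value that is not a plain integer; GetItemInfosOf in C4/Items.pm has the same construction. Because get_infos_of is only seen here taking a finished query string, the smallest change inside the hunk is to filter before joining, e.g. `my @ids = grep { defined && /\A\d+\z/ } @biblioitemnumbers;` followed by `my $biblioitemnumber_values = @ids ? join( ',', @ids ) : "''";`. If get_infos_of can accept bind values (its definition is outside the hunk), one `?` placeholder per element would be the better fix. Comparing an integer column with `''` also relies on the server's implicit type conversion; skipping the query when the list is empty would avoid that, once the return shape callers expect is confirmed.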