From d000a716352fb61dc0dae7715eda15896b53b4e7 Mon Sep 17 00:00:00 2001 From: Fridolyn SOMERS Date: Wed, 4 Dec 2013 17:05:32 +0100 Subject: [PATCH] Bug 11338: prevent deletion of items that are captured for holds In C4::Items::DelItemCheck, there are two SQL queries: one to check if item is on loan, the other if item is reserved. Those two queries use "SELECT * FROM table", fetch the data with "$var = $sth->fetchrow", and use "$var" as a boolean condition. This is not correct, SQL query should be "SELECT COUNT(*) FROM table". As a consequence, it was possible to delete an item without warning to the operator even if it was waiting on the hold shelf or in transit to fill a hold. This patch corrects the SQL queries and sets my ($var) to show that fetchrow returns an array. Test plan : - Set an item A onloan - Set an item B reserved and the reserve waiting - Go to items cataloguing : cgi-bin/koha/cataloguing/additem.pl?biblionumber=XXX - Try to delete item A => You get an alert and item is not deleted - Try to delete item B => You get an alert and item is not deleted Signed-off-by: Chris Cormack Works, and has the added bonus of being a tiny bit faster. Signed-off-by: Katrin Fischer Passes t, xt and QA script tests. Also tried deleting via batch delete - correct warnings are displayed. Signed-off-by: Galen Charlton --- C4/Items.pm | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/C4/Items.pm b/C4/Items.pm index 4c1a4ad286..af6134616e 100644 --- a/C4/Items.pm +++ b/C4/Items.pm @@ -2253,11 +2253,14 @@ sub DelItemCheck { # check that there is no issue on this item before deletion. - my $sth=$dbh->prepare("select * from issues i where i.itemnumber=?"); + my $sth = $dbh->prepare(q{ + SELECT COUNT(*) FROM issues + WHERE itemnumber = ? + }); $sth->execute($itemnumber); + my ($onloan) = $sth->fetchrow; my $item = GetItem($itemnumber); - my $onloan=$sth->fetchrow; if ($onloan){ $error = "book_on_loan" @@ -2270,9 +2273,13 @@ sub DelItemCheck { } else{ # check it doesnt have a waiting reserve - $sth=$dbh->prepare("SELECT * FROM reserves WHERE (found = 'W' or found = 'T') AND itemnumber = ?"); + $sth = $dbh->prepare(q{ + SELECT COUNT(*) FROM reserves + WHERE (found = 'W' OR found = 'T') + AND itemnumber = ? + }); $sth->execute($itemnumber); - my $reserve=$sth->fetchrow; + my ($reserve) = $sth->fetchrow; if ($reserve){ $error = "book_reserved"; } elsif ($countanalytics > 0){ -- 2.39.5