[Koha-bugs] [Bug 10033] New: dangerous query in _koha_modify_item
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 12 17:44:27 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10033
Bug ID: 10033
Summary: dangerous query in _koha_modify_item
Classification: Unclassified
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Cataloging
Assignee: gmcharlt at gmail.com
Reporter: fridolyn.somers at biblibre.com
CC: m.de.rooy at rijksmuseum.nl
The SQL query build in C4::Items::_koha_modify_item performs an update on a row
of items table identified by itemnumber.
Actually the query is build using a hash of datas :
for my $key ( keys %$item ) {
$query.="$key=?,";
push @bind, $item->{$key};
}
But this hash contains 'itemnumber' key, so you get an update including the
primary key.
It is actually harmless but may be dangerous.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list