[Koha-bugs] [Bug 2458] New: guided reports allow entering non-SELECT SQL

bugzilla-daemon at pippin.metavore.com
Mon Aug 4 16:38:42 CEST 2008


http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=2458

           Summary: guided reports allow entering non-SELECT SQL
           Product: Koha
           Version: rel_3_0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: blocker
          Priority: P3
         Component: Reports
        AssignedTo: chris.nighswonger at liblime.com
        ReportedBy: galen.charlton at liblime.com
         QAContact: koha-bugs at lists.koha.org


The guided reports interface does not prevent a user from issuing a DDL
statement, an UPDATE, or a DELETE statement instead of a SELECT.  This can
allow data to be destroyed through the reports interface.

Expected behavior (two parts):

[1] If a user creates a new report from an SQL statement, Koha should refuse to
create the report if the statement is anything other than a SELECT.

[2] When running a saved report, Koha should refuse to run it if the underlying
SQL is anything other than a SELECT statement.




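The two checks requested under "Expected behavior", sketched as an added example. This is not Koha's code (Koha is written in Perl; Python is used here so the sketch runs stand-alone). `is_single_select`, `create_report`, `run_report`, `ReportRejected` and the dict-based report store are hypothetical names, and MySQL quoting and comment syntax is assumed.

```python
import re

# Quoted strings/identifiers and MySQL comments: their contents must not be
# read as keywords or statement separators, so they are masked out first.
_MASK = re.compile(r"""
      '(?:[^'\\]|\\.)*'          # single-quoted string
    | "(?:[^"\\]|\\.)*"          # double-quoted string
    | `[^`]*`                    # backtick-quoted identifier
    | /\*(?!!).*?\*/             # block comment, except the /*! ... */ form
    | (?:\#|--(?=\s|$))[^\n]*    # line comment; "--" needs trailing whitespace
    """, re.S | re.X)


class ReportRejected(Exception):
    """Raised when report SQL is not a single SELECT statement."""


def is_single_select(sql: str) -> bool:
    """Return True only if sql is one statement whose first keyword is SELECT."""
    bare = _MASK.sub(" ", sql).strip()
    # A leftover quote or comment opener means an unterminated literal or a
    # MySQL /*! ... */ comment, whose body the server executes: refuse both.
    if re.search(r"['\"`]|/\*", bare):
        return False
    bare = bare.rstrip("; \t\r\n")      # tolerate a trailing semicolon
    if ";" in bare:                     # more than one statement
        return False
    return re.match(r"select\b", bare, re.I) is not None


def create_report(store: dict, name: str, sql: str) -> None:
    """Part [1]: refuse to save SQL that is not a SELECT."""
    if not is_single_select(sql):
        raise ReportRejected(name)
    store[name] = sql


def run_report(store: dict, name: str, execute):
    """Part [2]: re-check at run time, since a saved row may predate the
    check or have been changed outside the interface."""
    sql = store[name]
    if not is_single_select(sql):
        raise ReportRejected(name)
    return execute(sql)
```

A statement-type check like this is a first layer; executing reports through a database account that holds only the SELECT privilege enforces the same rule in the database itself.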