[Koha-bugs] [Bug 7447] Allow to specify a date in overdue_notice.pl

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Feb 7 16:17:48 CET 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7447

Ian Walls <koha.sekjal at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Failed QA

--- Comment #2 from Ian Walls <koha.sekjal at gmail.com> 2012-02-07 15:17:48 UTC ---
This patch doesn't do any kind of format-checking on the 'date' param, and then
loads the variable directly into the SQL.  This could cause the query to fail
(at best), return completely different values than intended, or destroy entire
tables (at very worst).

The date variable should be parameterized for the sth->execute(), and should be
rigorously checked for proper date formatting.  If the incoming value is not a
correct date, either warn and use NOW(), or abort the script.

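One way to apply the two fixes requested in comment #2, shown as an added example (not code from the patch or from Koha's overdue_notice.pl): the `--date` value is checked as a real YYYY-MM-DD calendar date, the script aborts on anything else, and the date reaches the query only as a bound parameter. The `valid_iso_date` helper, the in-memory SQLite table and the SELECT are hypothetical stand-ins; the example assumes DBI and DBD::SQLite are installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Getopt::Long;
use POSIX qw(strftime);

# Hypothetical helper: return the value only if it is a real calendar
# date written as YYYY-MM-DD, otherwise return undef.
sub valid_iso_date {
    my ($value) = @_;
    return unless defined $value && $value =~ /\A(\d{4})-(\d{2})-(\d{2})\z/;
    my ($y, $m, $d) = ($1, $2, $3);
    my $leap = ($y % 4 == 0 && $y % 100 != 0) || $y % 400 == 0;
    my @days = (31, $leap ? 29 : 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
    return unless $m >= 1 && $m <= 12 && $d >= 1 && $d <= $days[$m - 1];
    return $value;
}

my $date;
GetOptions('date=s' => \$date) or die "usage: $0 --date YYYY-MM-DD\n";

if (defined $date) {
    # Abort rather than guess: a malformed date never reaches the database.
    defined valid_iso_date($date)
        or die "--date must be a valid date in YYYY-MM-DD form\n";
} else {
    # Default to today, computed in Perl so the query always takes one bind value.
    $date = strftime('%Y-%m-%d', localtime);
}

# Constructed stand-in for the real database: an in-memory SQLite table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE issues (borrowernumber INTEGER, itemnumber INTEGER, date_due TEXT)');
$dbh->do(q{INSERT INTO issues VALUES (1, 101, '2012-01-10'), (2, 102, '2012-03-01')});

# The date travels as a bound parameter, never as part of the SQL text.
my $sth = $dbh->prepare(
    'SELECT borrowernumber, itemnumber, date_due FROM issues WHERE date_due < ?'
);
$sth->execute($date);

while (my ($borrower, $item, $due) = $sth->fetchrow_array) {
    print "borrower $borrower, item $item was due on $due\n";
}
```

The format check and the placeholder are independent layers: the check rejects input such as `2012-02-30` that would make the query return nothing useful, and the placeholder keeps any value from being interpreted as SQL.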