[Koha-bugs] [Bug 10033] dangerous query in _koha_modify_item

bugzilla-daemon at bugs.koha-community.org
Mon Apr 29 16:56:45 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10033

M. de Rooy <m.de.rooy at rijksmuseum.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #17541|0                           |1
        is obsolete|                            |

--- Comment #4 from M. de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 17794
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=17794&action=edit
Bug 10033 - dangerous query in _koha_modify_item

The SQL query built in C4::Items::_koha_modify_item performs an update on a row
of the items table identified by itemnumber.
Actually the query is built using a hash of data:
    for my $key ( keys %$item ) {
        $query.="$key=?,";
        push @bind, $item->{$key};
    }
But this hash contains the 'itemnumber' key, so you get an update including the
primary key.
It is actually harmless but may be dangerous.

This patch simply skips the itemnumber key in the above loop.

Test plan:
Check you can create and modify items.

Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>

-- 
You are receiving this mail because:
You are watching all bug changes.
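
The query construction described in the commit message, with and without the primary key in the SET list, as an added example that is not part of the original mail and is not the Koha source. The function name build_item_update, the skip_pk switch and the sample item are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not the Koha source. build_item_update() and the
# sample item below are constructed for this example.
use strict;
use warnings;

# Build "UPDATE items SET col=?,... WHERE itemnumber=?" from an item hash.
# With skip_pk false, every key is written into SET (the behaviour the
# commit message describes); with skip_pk true, itemnumber is left out.
sub build_item_update {
    my ( $item, $skip_pk ) = @_;
    die "itemnumber is required\n" unless defined $item->{itemnumber};

    my ( @set, @bind );
    for my $key ( sort keys %$item ) {    # sorted for stable output
        next if $skip_pk && $key eq 'itemnumber';
        push @set,  "$key=?";
        push @bind, $item->{$key};
    }

    # Once the key is skipped, a hash holding only itemnumber would yield
    # an empty SET list and invalid SQL, so refuse it explicitly.
    die "nothing to update\n" unless @set;

    my $query = 'UPDATE items SET ' . join( ',', @set ) . ' WHERE itemnumber=?';
    push @bind, $item->{itemnumber};      # value for the WHERE placeholder
    return ( $query, \@bind );
}

# Constructed sample row.
my %item = ( itemnumber => 42, barcode => 'B0001', notforloan => 0 );

for my $skip_pk ( 0, 1 ) {
    my ( $query, $bind ) = build_item_update( \%item, $skip_pk );
    printf "%s\n  %s\n  bind: %s\n",
        $skip_pk ? 'after (itemnumber skipped):' : 'before (itemnumber in SET):',
        $query, join( ', ', @$bind );
}
```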

