[Koha-bugs] [Bug 18497] New: Downloading a report passes the constructed SQL as a parameter
bugzilla-daemon at bugs.koha-community.org
Wed Apr 26 18:14:00 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18497
Bug ID: 18497
Summary: Downloading a report passes the constructed SQL as a parameter
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Reports
Assignee: gmcharlt at gmail.com
Reporter: nick at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
This is not ideal; long queries can cause broken links, and it is a very messy
link.
report/guided_reports.pl
line 816:
my $sql = $input->param('sql'); # FIXME: use sql from saved report ID#, not new user-supplied SQL!
We use execute_query, so input is sanitized, but links look awful:
http://localhost:8081/cgi-bin/koha/reports/guided_reports.pl?reports=1&phase=Export&format=csv&sql=SELECT%20*%20FROM%20message_queue%20ORDER%20BY%20time_queued%20DESC%0D%0A&reportname=Messages
--
You are receiving this mail because:
You are watching all bug changes.
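The approach named in the FIXME above, sketched as an added example that is not Koha code and not part of the original report: the export step takes only a report id from the request and loads the SQL text server-side. The helper name, the in-memory SQLite table (requires DBD::SQLite) and its columns are constructed stand-ins, and the example assumes the `reports` parameter carries the saved report's id.

```perl
#!/usr/bin/env perl
# Added example, not Koha code: resolve the export SQL from a saved report id.
use strict;
use warnings;
use DBI;

# Constructed stand-in for the saved-report store; table and column names are assumptions.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE saved_sql (id INTEGER PRIMARY KEY, report_name TEXT, savedsql TEXT)');
$dbh->do('INSERT INTO saved_sql (id, report_name, savedsql) VALUES (?, ?, ?)', undef,
    1, 'Messages', 'SELECT * FROM message_queue ORDER BY time_queued DESC');

# Hypothetical helper: returns (sql, name) for a known report id, or an empty list.
sub sql_for_export {
    my ($dbh, $params) = @_;
    my $id = $params->{reports};
    # The id must be a plain integer; anything else is rejected before the lookup.
    return unless defined $id && $id =~ /\A[0-9]{1,9}\z/;
    my ($sql, $name) = $dbh->selectrow_array(
        'SELECT savedsql, report_name FROM saved_sql WHERE id = ?', undef, $id);
    return unless defined $sql;
    # A request-supplied 'sql' key is never read, so it cannot change what runs.
    return ($sql, $name);
}

# Constructed requests: a normal export, one with a stray sql parameter, one malformed id.
my @requests = (
    { reports => 1, phase => 'Export', format => 'csv' },
    { reports => 1, phase => 'Export', format => 'csv', sql => 'SELECT 1 /* from request */' },
    { reports => 'not-a-number', phase => 'Export', format => 'csv' },
);

for my $req (@requests) {
    my ($sql, $name) = sql_for_export($dbh, $req);
    if (defined $sql) {
        print "export '$name': $sql\n";
    }
    else {
        print "rejected: unknown or malformed report id\n";
    }
}
```

With this shape the export link only needs the report id, phase and format, so its length no longer depends on the query text.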