[Koha-devel] SQL reports [error]

Paul paul.a at aandc.org
Mon Apr 30 16:21:28 CEST 2012


At 09:28 AM 4/30/2012 -0400, Chris Nighswonger wrote:
>On Mon, Apr 30, 2012 at 9:27 AM, Chris Nighswonger 
><cnighswonger at foundations.edu> wrote:
>On Mon, Apr 30, 2012 at 9:13 AM, Paul 
><paul.a at aandc.org> wrote:
>
>Can anyone point me rapidly to the portion of script that I should have a 
>look at?
>
>Fair warning: Mung up at your own risk....
>
><http://git.koha-community.org/gitweb/?p=koha.git;a=blob;f=reports/guided_reports.pl;h=cb85f39420d9aafc0c3e158ed7c6d58d9dff252d;hb=HEAD#l138>
>
>and
>
><http://git.koha-community.org/gitweb/?p=koha.git;a=blob;f=reports/guided_reports.pl;h=cb85f39420d9aafc0c3e158ed7c6d58d9dff252d;hb=HEAD#l374>
>

Chris,

Many thanks, I'll see what I can do (after hours tonight.) Just wondering 
if a Perl expert could suggest the code to add a "condition" to
  if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
      push @errors, {sqlerr => $1};
  }

along the lines of " unless username='paul' "

I'm not too worried about the security risks for two reasons a) the script 
works as intended, and b) very few of our people actually have their 
permissions set to "Allow to access to the reports module."



Best regards - Paul 
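
The following is an added example, not part of the original message and not Koha's own code: one way to wrap the quoted keyword check so that an exemption is granted from an explicit allowlist, fails closed for unknown users, and is logged. The names check_report_sql and %EXEMPT_USER, the login 'anna' and the table demo_items are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist of logins exempt from the keyword check (constructed).
my %EXEMPT_USER = map { $_ => 1 } qw(paul);

# Same pattern as the snippet quoted in the message above.
my $BLOCKED = qr/;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i;

# Returns error hashrefs shaped like the entries pushed onto @errors above;
# an empty list means the statement passed the check.
sub check_report_sql {
    my ($sql, $username) = @_;
    my @errors;
    if ($sql =~ $BLOCKED) {
        my $keyword = $1;
        if (defined $username && $EXEMPT_USER{$username}) {
            # Log every bypass so exempt use leaves an audit trail.
            warn "keyword check bypassed: user=$username keyword=$keyword\n";
        }
        else {
            # Unknown or missing usernames fail closed.
            push @errors, { sqlerr => $keyword };
        }
    }
    return @errors;
}

# Constructed sample input; table, column and the login 'anna' are made up.
my @cases = (
    [ 'anna', 'SELECT title FROM demo_items' ],
    [ 'anna', 'DELETE FROM demo_items' ],
    [ 'paul', 'DELETE FROM demo_items' ],
    [ undef,  'DELETE FROM demo_items' ],
    # The pattern is a substring match, so a column name ending in a
    # blocked keyword is rejected even inside a plain SELECT.
    [ 'anna', 'SELECT lastupdate FROM demo_items' ],
);

for my $case (@cases) {
    my ($user, $sql) = @$case;
    my @errors = check_report_sql($sql, $user);
    printf "%-7s %-36s %s\n", $user // '(none)', $sql,
        @errors ? "rejected ($errors[0]{sqlerr})" : 'accepted';
}
```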