[Koha-patches] [PATCH] [PATCH][HEAD] (bug #2862) improve sql reports

[Nahuel ANGELINETTI]

Clear all non-alphanum chars at the end of an sql query.
Use ESCAPE=HTML to escape double quotes in csv export
---
 C4/Reports/Guided.pm                               |    1 +
 .../en/modules/reports/guided_reports_start.tmpl   |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm
index ce5876e..5df6c2a 100644
--- a/C4/Reports/Guided.pm
+++ b/C4/Reports/Guided.pm
@@ -483,6 +483,7 @@ Given some sql and a name this will saved it so that it can resued
 sub save_report {
     my ( $sql, $name, $type, $notes ) = @_;
     my $dbh = C4::Context->dbh();
+    $sql =~ s/(\W*)$//;
     my $query =
 "INSERT INTO saved_sql (borrowernumber,date_created,last_modified,savedsql,report_name,type,notes)  VALUES (?,now(),now(),?,?,?,?)";
     my $sth = $dbh->prepare($query);
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
index a0450e3..78d7e33 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
@@ -373,7 +373,7 @@ NAME="name" -->"><!-- TMPL_VAR NAME="name"--></label></td><td>
 <option value="csv">Comma Separated Text</option>
 <option value="tab">Tab Separated Text</option>
 </select>
-<input type="hidden" name="sql" value="<!-- TMPL_VAR NAME="sql" -->" />
+<input type="hidden" name="sql" value="<!-- TMPL_VAR ESCAPE="HTML" NAME="sql" -->" />
 <input type="hidden" name="phase" value="Export" />
 <input type="submit" name="submit" value="Download" /></fieldset>
 </form>
-- 
1.5.6.3