[Koha-patches] [PATCH] Koha Bug 2634 : stopgap fix for 'SELECT * FROM EVERY RELEVANT TABLE'

Ryan Higgins ryan.higgins at liblime.com
Fri Sep 26 09:43:30 CEST 2008 

Note that this will break items details pages if  you have bad links in
your frameworks.  This patch reveals some vestigial kohafields in the
sample MARC21 frameworks that need to be cleaned up.  It may be
better to either select columnnames and remove marc & marcxml
or go ahead and list every column we actually want.  That's a pain, yes,
and I assume we'll have a better fix for 3.2, but we need a fix for this
in 3.0 imo.

On Fri, Sep 26, 2008 at 3:19 AM, Ryan Higgins <rch at liblime.com> wrote:

> Prevents marc and marcxml from being returned by the db by selecting
> only columns that are used in the marc frameworks.
> ---
>  C4/Items.pm |    9 ++++++++-
>  1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/C4/Items.pm b/C4/Items.pm
> index dd78f98..6421e66 100644
> --- a/C4/Items.pm
> +++ b/C4/Items.pm
> @@ -1184,7 +1184,14 @@ If this is set, it is set to C<One Order>.
>  sub GetItemsInfo {
>     my ( $biblionumber, $type ) = @_;
>     my $dbh   = C4::Context->dbh;
> -    my $query = "SELECT *,items.notforloan as itemnotforloan
> +    my $sthk = $dbh->prepare("SELECT DISTINCT kohafield FROM
> marc_subfield_structure WHERE kohafield IS NOT NULL AND kohafield <>''");
> +    $sthk->execute;
> +    my $fields =  $sthk->fetchall_arrayref ;
> +    # FIXME : we want to exclude marc & marcxml, so we're selecting all
> fields that are linked in our frameworks
> +    # see koha bug 2634.
> +    # rudimentary injection protection with the grep below.  This is a
> temporary fix that needs to be  adressed more seriously.
> +    my $kohafields = join ( ',', grep { $_ =~
> /^biblio\.\w+$|^biblioitems\.\w+$|items\.\w+$/ } map { $_->[0] } @$fields);
> +    my $query = "SELECT $kohafields, items.notforloan as itemnotforloan,
> itemtypes.*
>                  FROM items
>                  LEFT JOIN biblio ON biblio.biblionumber =
> items.biblionumber
>                  LEFT JOIN biblioitems ON biblioitems.biblioitemnumber =
> items.biblioitemnumber";
> --
> 1.5.5.GIT
>
>


-- 
Ryan Higgins

LibLime * Open-Source Solutions for Libraries
Featuring KohaZOOM ILS
888-564-2457 x704
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-patches/attachments/20080926/1f0023e1/attachment-0002.htm>

More information about the Koha-patches mailing list