This patch fixes some potential SQL syntax errors, which can cause
fatal software errors in Koha when the environmental variable DEBUG
is on.
_TEST PLAN_
Before applying:
0) Ensure that you don't have "SetEnv DEBUG 1" in your Apache config
1) Create a new bib record
2) Click on the "Holds" tab before creating any items
3) Note the message "Cannot place hold: this record has no
items attached."
4) Add "SetEnv DEBUG 1" to your Apache config
5) Restart Apache
6) Refresh your page
7) Note the following Software Error: "DBD::mysql::st execute failed:
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to
use near ')' at line 3 at /koha/lib/C4/Koha.pm line 835."
8) Apply the patch
9) Refresh your page
10) Note the message from Step 3
Thorough tester:
11) Remove "SetEnv DEBUG 1" from your Apache config, restart Apache,
and refresh your page. You should see the message from Step 3.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Error reproduced, patch fixes it.
Tested following test plan, no koha-qa errors.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
sub GetBiblioItemInfosOf {
my @biblioitemnumbers = @_;
- my $query = '
+ my $biblioitemnumber_values = @biblioitemnumbers ? join( ',', @biblioitemnumbers ) : "''";
+
+ my $query = "
SELECT biblioitemnumber,
publicationyear,
itemtype
FROM biblioitems
- WHERE biblioitemnumber IN (' . join( ',', @biblioitemnumbers ) . ')
- ';
+ WHERE biblioitemnumber IN ($biblioitemnumber_values)
+ ";
return get_infos_of( $query, 'biblioitemnumber' );
}
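Review bot: the empty-list guard removes the `IN ()` syntax error, but the ids are still interpolated unquoted into `WHERE biblioitemnumber IN ($biblioitemnumber_values)`, so the query is only safe if every caller passes numeric biblioitemnumbers. Either validate before joining, e.g. `my @ids = grep { defined && /\A\d+\z/ } @biblioitemnumbers;`, or build a placeholder list with `join( ',', ('?') x @biblioitemnumbers )` and pass the ids as bind values if get_infos_of accepts them. The `"''"` sentinel also deserves a second look: `IN ('')` compares a string literal against an integer column and is intended to match nothing, so an early `return {}` when @biblioitemnumbers is empty states that intent directly and skips the database round trip entirely.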
sub GetItemInfosOf {
my @itemnumbers = @_;
- my $query = '
+ my $itemnumber_values = @itemnumbers ? join( ',', @itemnumbers ) : "''";
+
+ my $query = "
SELECT *
FROM items
- WHERE itemnumber IN (' . join( ',', @itemnumbers ) . ')
- ';
+ WHERE itemnumber IN ($itemnumber_values)
+ ";
return get_infos_of( $query, 'itemnumber' );
}
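Review bot: same concern as in GetBiblioItemInfosOf: the joined ids go unquoted into `WHERE itemnumber IN ($itemnumber_values)`, and the two functions now carry identical guard-and-join code. A small shared helper that filters the ids to integers (or emits `?` placeholders with bind values) and returns early on an empty list would remove the duplication and keep the two fixes from drifting apart the next time one of them is touched.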