kohabug 2458 Disallowing non-SELECT SQL in reports module
This patch enforces SELECT-only SQL in the reports module.
It introduces code to check SQL in two places. The first is
when a save is attempted on a user constructed SQL statement.
If a non-SELECT SQL statement is entered, the user will be
presented with an error message and a button giving the
option of editing the SQL. The second is when any SQL is
executed. If execution of a non-SELECT SQL statement is
attempted, the user is presented with an error message and
instructed to delete that report as the SQL is invalid.
The second check is intended as a safety net as no non-SELECT
SQL should ever be saved.
It may be well to document the proper usage of the direct SQL
entry type report.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
projects / koha.git / commit