http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8594
--- Comment #11 from Frère Sébastien Marie <[email protected]> ---
(In reply to comment 10)
> It doesn't really change anything that wasn't there already, it just does it
> in a way that has a greater chance of success.

I agree with Robin: the patch (without context) isn't a problem.

It is just a function which takes a string (a SQL query) and returns:
- a new query (a "subset" of the previous one)
- the offset and limit (interpolated from the previous query)

For me, the function is sufficient, but be aware that it could be bypassed (with a *well-formed* $sql, the LIMIT isn't detected, and not removed).

The fact that it is a problem, or not, depends on context... just for example:

    sql_strip("SELECT * FROM test LIMIT /* a comment */ 10")
    returns ("SELECT * FROM test LIMIT /* a comment */ 10", 0, undef)

But for me it is ok (if there is no security implication to having a LIMIT not removed... but it needs a global review of the module, not just this patch)
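An added example, not part of the original comment and not Koha's code: a hypothetical regex-only LIMIT stripper that misses the commented query above, beside a variant that replaces comments outside quoted strings with a space before matching. The function names, the regex and the sample queries are constructed, and MySQL comment syntax is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical regex-only stripper (not Koha's code): returns (query, offset, limit).
sub strip_limit_naive {
    my ($sql) = @_;
    if ( $sql =~ s/\bLIMIT\s+(\d+)(?:\s*,\s*(\d+))?\s*$//i ) {
        return defined $2 ? ( $sql, $1, $2 ) : ( $sql, 0, $1 );
    }
    return ( $sql, 0, undef );    # LIMIT not recognised: query returned unchanged
}

# Same contract, but comments outside quoted strings are replaced by a space
# before matching. Assumes MySQL comment syntax: /* */, "-- " and #.
sub strip_limit_comment_aware {
    my ($sql) = @_;
    my $clean = '';
    while ( $sql =~ m{\G(?:
          ( '(?:[^'\\]|\\.|'')*' | "(?:[^"\\]|\\.|"")*" | `[^`]*` )  # quoted text
        | ( /\*.*?\*/ | --(?=\s)[^\n]* | \#[^\n]* )                  # comment
        | ( . )                                                      # other char
    )}gcsx ) {
        my ( $quoted, $comment, $char ) = ( $1, $2, $3 );
        if ( defined $comment ) {
            # MySQL executes /*! ... */ bodies, so dropping one changes the query.
            die "executable comment not supported\n" if $comment =~ m{^/\*M?!};
            $clean .= ' ';
        }
        else { $clean .= defined $quoted ? $quoted : $char }
    }
    return strip_limit_naive($clean);
}

# Constructed sample queries; the second is the case from the comment above.
for my $q (
    'SELECT * FROM test LIMIT 10',
    'SELECT * FROM test LIMIT /* a comment */ 10',
    q{SELECT 'LIMIT /* not a comment */ 5' FROM test LIMIT 20, 10 -- tail},
) {
    for my $f ( [ naive => \&strip_limit_naive ], [ aware => \&strip_limit_comment_aware ] ) {
        my ( $rest, $offset, $limit ) = $f->[1]->($q);
        printf "%-6s limit=%-5s offset=%-3s %s\n", $f->[0], $limit // 'undef', $offset, $rest;
    }
}
```

The comment-aware variant returns the query with its comments removed, and it only recognises the `LIMIT n` and `LIMIT offset, n` forms.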
