http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590
--- Comment #2 from Robin Sheat <[email protected]> ---

I'm unable to reproduce this, anything following ';' is stripped off. However, if you replace ; with %3B, then it gets through. However, adding e.g. '%3Btruncate+test%3B' to the end of limit does give me a query that finishes like:

    GROUP BY biblio.biblionumber HAVING tot >0 ORDER BY tot DESC LIMIT 15;truncate test;

which isn't ideal. Running this gives me:

    DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'truncate test' at line 14 at /mnt/catalyst/koha/opac/opac-topissues.pl line 117.

and I don't fully know why. This said, this shouldn't be possible.

I don't think your patch goes far enough though: the $limit should be replaced by a '?' as well as being filtered. I'll test your patch and make a follow-up with that.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

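As an added example (not Koha's code and not the patch or follow-up discussed in the comment), this is the shape of the fix Robin suggests: validate the limit as a small positive integer and bind it through a '?' placeholder instead of interpolating it into the SQL. The DSN, credentials, and the simplified query's tables and join columns are assumptions modelled on the query fragment quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Hypothetical DSN and credentials; adjust to the environment.
my $dbh = DBI->connect('DBI:mysql:database=koha;host=localhost',
                       'koha', 'password', { RaiseError => 1 });

# Whitelist the limit: a positive integer of up to four digits, otherwise
# the default of 15. Anything that is not purely digits (a ';' that arrived
# URL-encoded as %3B, for instance) never reaches the SQL string.
sub clean_limit {
    my ($raw) = @_;
    return 15 unless defined $raw && $raw =~ /^\s*([1-9][0-9]{0,3})\s*$/;
    return $1 + 0;
}

# Simplified query modelled on the fragment quoted in the comment; the
# table names and join columns are assumptions, not Koha's actual query.
my $sql = <<'SQL';
SELECT biblio.biblionumber, COUNT(issues.itemnumber) AS tot
FROM biblio
JOIN items  ON items.biblionumber = biblio.biblionumber
JOIN issues ON issues.itemnumber  = items.itemnumber
GROUP BY biblio.biblionumber
HAVING tot > 0
ORDER BY tot DESC
LIMIT ?
SQL

sub top_issues {
    my ($raw_limit) = @_;
    my $sth = $dbh->prepare($sql);
    # Bind as an integer: DBD::mysql emulates placeholders client-side by
    # default and would otherwise quote the value, turning LIMIT ? into
    # LIMIT '15', which MySQL rejects as a syntax error.
    $sth->bind_param(1, clean_limit($raw_limit), SQL_INTEGER);
    $sth->execute;
    return $sth->fetchall_arrayref;
}

# The raw CGI parameter goes in; only the validated, bound value reaches MySQL.
my $rows = top_issues($ARGV[0]);
printf "%d biblios returned\n", scalar @$rows;
```

The SQL_INTEGER bind is the non-obvious part: a plain `execute($limit)` with a string value breaks LIMIT under client-side prepare, which is a common reason interpolation gets left in place.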