Prevents marc and marcxml from being returned by the db by selecting
only columns that are used in the marc frameworks.
---
C4/Items.pm | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/C4/Items.pm b/C4/Items.pm
index dd78f98..6421e66 100644
--- a/C4/Items.pm
+++ b/C4/Items.pm
@@ -1184,7 +1184,14 @@ If this is set, it is set to C<One Order>.
sub GetItemsInfo {
my ( $biblionumber, $type ) = @_;
my $dbh = C4::Context->dbh;
- my $query = "SELECT *,items.notforloan as itemnotforloan
+ my $sthk = $dbh->prepare("SELECT DISTINCT kohafield FROM
marc_subfield_structure WHERE kohafield IS NOT NULL AND kohafield <>''");
+ $sthk->execute;
+ my $fields = $sthk->fetchall_arrayref ;
+ # FIXME : we want to exclude marc & marcxml, so we're selecting all fields
that are linked in our frameworks
+ # see koha bug 2634.
+ # rudimentary injection protection with the grep below. This is a
temporary fix that needs to be adressed more seriously.
+ my $kohafields = join ( ',', grep { $_ =~
/^biblio\.\w+$|^biblioitems\.\w+$|items\.\w+$/ } map { $_->[0] } @$fields);
+ my $query = "SELECT $kohafields, items.notforloan as itemnotforloan,
itemtypes.*
FROM items
LEFT JOIN biblio ON biblio.biblionumber = items.biblionumber
LEFT JOIN biblioitems ON biblioitems.biblioitemnumber =
items.biblioitemnumber";
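Review bot: The grep that filters kohafield values before they are interpolated into $query anchors only its first two alternatives; the third, `items\.\w+$`, has no leading `^`, so any kohafield value that merely ends in `items.<word>` passes, which defeats the whitelist the comment describes as injection protection and also makes the first two alternatives redundant (any `biblioitems.x` already ends in `items.x`). Since these values come from an admin-editable table rather than from code, the pattern should be fully anchored on every alternative, e.g. `my $kohafields = join( ',', grep { m/\A(?:biblio|biblioitems|items)\.\w+\z/ } map { $_->[0] } @$fields );` (using `\A`/`\z` rather than `^`/`$`, which would still accept a trailing newline). If no kohafield survives the filter, $kohafields is the empty string and the query becomes `SELECT , items.notforloan ...`, a SQL syntax error; guarding with `die "no framework fields mapped"` (or similar) unless @fields is non-empty would make that failure explicit. The prepare/execute on $sthk is unchecked, which is consistent with the rest of the hunk but worth noting given RaiseError is not visible here; GetItemsInfo's body continues past the end of this hunk.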
--
1.5.5.GIT