[Koha-devel] And finally... bug 662

[MJ Ray]

I've almost finished committing fixes for bug 662 to the 2.0 branch. 
That's the one with DBI calls using interpolation instead of 
placeholders, which is a common way for user input SQL insertion 
attacks. I think it's a blocker, but Paul hasn't agreed. Can these 
fixes be copied to HEAD/2.1, please?

I'm assuming that the updater scripts are never run from the web and 
leaving them alone for now. Is that correct?

Three comments from the last round of fixes:
1. The same code repeated lots is probably an indication that 
something isn't right;
2. Helpers like counters of array length can often be done another 
clearer way;
3. dbh->quote() is very rarely needed.

Finally, sorry if I broke anything. Since the first problems, I'm 
checking with perl -c as much as possible, but it's not all been 
tested in place yet.

--
MJR/slef     My Opinion Only and possibly not of any group I know.
Please http://remember.to/edit_messages on lists to be sure I read
http://mjr.towers.org.uk/ gopher://g.towers.org.uk/ address@hidden
 Creative copyleft computing services via http://www.ttllp.co.uk/