http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7447
Ian Walls <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Failed QA

--- Comment #2 from Ian Walls <[email protected]> 2012-02-07 15:17:48 UTC ---
This patch doesn't do any kind of format-checking on the 'date' param, and then loads the variable directly into the SQL. This could cause the query to fail (at best), return completely different values than intended, or destroy entire tables (at very worst).

The date variable should be parameterized for the sth->execute(), and should be rigorously checked for proper date formatting. If the incoming value is not a correct date, either warn and use NOW(), or abort the script.
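Added example (not part of the original comment or of the Koha patch): one way to do what the comment asks, in Perl with DBI, validating the date and binding it through execute(). The table "loans", its columns, the function names and the in-memory SQLite database (DBD::SQLite) are assumptions made for illustration; the fallback computes today's date in Perl in place of SQL NOW().

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use POSIX qw(strftime);
use Time::Local qw(timegm);

# Return the date unchanged if it is a real calendar date in YYYY-MM-DD form,
# otherwise return nothing. (Hypothetical helper, not from the patch.)
sub valid_iso_date {
    my ($date) = @_;
    return unless defined $date && $date =~ /\A(\d{4})-(\d{2})-(\d{2})\z/;
    my ($y, $m, $d) = ($1, $2, $3);
    # timegm croaks on an impossible month or day such as 2012-02-30
    return unless eval { timegm(0, 0, 0, $d, $m - 1, $y); 1 };
    return $date;
}

# Hypothetical stand-in for the script's query: the date is never
# interpolated into the SQL text, only bound as a placeholder value.
sub loans_due_before {
    my ($dbh, $raw_date) = @_;
    my $date = valid_iso_date($raw_date);
    unless ($date) {
        warn "invalid 'date' parameter, falling back to today's date\n";
        $date = strftime('%Y-%m-%d', localtime);
    }
    my $sth = $dbh->prepare('SELECT COUNT(*) FROM loans WHERE due_date < ?');
    $sth->execute($date);
    my ($count) = $sth->fetchrow_array;
    return $count;
}

# Constructed sample data in an in-memory database (assumption: DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE loans (borrower INTEGER, due_date TEXT)');
$dbh->do('INSERT INTO loans VALUES (?, ?)', undef, @$_)
    for [1, '2012-01-15'], [2, '2012-03-01'];

# Constructed inputs: a valid date, an impossible date, and a malformed value.
for my $input ('2012-02-07', '2012-02-30', q{2012-02-07' OR '1'='1}) {
    printf "%-24s => %d row(s)\n", $input, loans_due_before($dbh, $input);
}
```

To abort instead of falling back, replace the warn-and-default branch with a die.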
