Clear all non-alphanum chars at the end of an sql query.
Use ESCAPE=HTML to escape double quotes in csv export
---
 C4/Reports.pm                                      |    1 +
 .../en/modules/reports/guided_reports_start.tmpl   |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/C4/Reports.pm b/C4/Reports.pm
index 9a6de77..b9a6791 100644
--- a/C4/Reports.pm
+++ b/C4/Reports.pm
@@ -477,6 +477,7 @@ Given some sql and a name this will saved it so that it can 
resued
 sub save_report {
     my ( $sql, $name, $type, $notes ) = @_;
     my $dbh = C4::Context->dbh();
+    $sql =~ s/(\W*)$//;
     my $query =
 "INSERT INTO saved_sql 
(borrowernumber,date_created,last_modified,savedsql,report_name,type,notes)  
VALUES (?,now(),now(),?,?,?,?)";
     my $sth = $dbh->prepare($query);
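Review bot: The added `$sql =~ s/(\W*)$//;` strips every trailing non-word character, not only a stray semicolon or whitespace, so a query that legitimately ends in `)`, a closing quote or a backtick is stored truncated. A statement ending in `IN (1,2)`, for example, loses its closing parenthesis and will fail or change meaning when the report is run later. If the intent is to drop statement terminators and trailing blanks, a narrower pattern such as `$sql =~ s/[\s;]+\z//;` does that; the capture group is unused either way. This is tidying, not validation of what is stored in `saved_sql`, and save_report's body continues past the end of the hunk.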
diff --git 
a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl 
b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
index 38fa9af..a72bad6 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tmpl
@@ -373,7 +373,7 @@ NAME="name" -->"><!-- TMPL_VAR 
NAME="name"--></label></td><td>
 <option value="csv">Comma Separated Text</option>
 <option value="tab">Tab Separated Text</option>
 </select>
-<input type="hidden" name="sql" value="<!-- TMPL_VAR NAME="sql" -->" />
+<input type="hidden" name="sql" value="<!-- TMPL_VAR ESCAPE="HTML" NAME="sql" 
-->" />
 <input type="hidden" name="phase" value="Export" />
 <input type="submit" name="submit" value="Download" /></fieldset>
 </form>
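Review bot: Adding `ESCAPE="HTML"` to the hidden `sql` field stops double quotes from breaking the attribute, but the statement still makes a round trip through the browser, so whatever handles `phase=Export` receives SQL the client can edit before submitting. That handler is outside this hunk; it presumably needs to treat the posted value as untrusted, either by re-applying the restrictions used when a report is created or by accepting a saved-report id instead of the statement text. The `TMPL_VAR NAME="name"` outputs quoted in the hunk header are also emitted without `ESCAPE="HTML"` and look like candidates for the same treatment.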
-- 
1.5.6.3
