use Modern::Perl;
use CGI qw ( -utf8 );
-use Carp;
+use Carp qw( carp croak );
use JSON qw( from_json );
-use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use C4::Context;
use C4::Templates qw/themelanguage/;
-use C4::Koha;
-use Koha::DateUtils;
+use C4::Koha qw( GetAuthorisedValues );
+use Koha::DateUtils qw( dt_from_string output_pref );
use Koha::Patrons;
use Koha::Reports;
use C4::Output;
-use C4::Debug;
-use C4::Log;
+use C4::Log qw( logaction );
use Koha::Notice::Templates;
-use C4::Letters;
+use Koha::Logger;
use Koha::AuthorisedValues;
use Koha::Patron::Categories;
use Koha::SharedContent;
+our (@ISA, @EXPORT_OK);
BEGIN {
require Exporter;
@ISA = qw(Exporter);
- @EXPORT = qw(
+ @EXPORT_OK = qw(
get_report_types get_report_areas get_report_groups get_columns build_query get_criteria
save_report get_saved_reports execute_query
get_column_type get_distinct_values save_dictionary get_from_dictionary
- delete_definition delete_report format_results get_sql
+ delete_definition delete_report store_results format_results get_sql get_results
nb_rows update_sql
+ strip_limit
+ convert_sql
GetReservedAuthorisedValues
GetParametersFromSQL
IsAuthorisedValueValid
ValidateSQLParameters
nb_rows update_sql
+ EmailReport
);
}
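Review bot: `nb_rows update_sql` is listed twice in the new `@EXPORT_OK` list, once after `get_results` and again after `ValidateSQLParameters`. Exporter tolerates the duplicate, but the second occurrence can be dropped while the list is being edited. Moving the names from `@EXPORT` to `@EXPORT_OK` also means every caller now needs an explicit import list; those callers are not visible here, so that should be checked against the rest of the commit.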
$dbh->{RaiseError} = $RaiseError;
$dbh->{PrintError} = $PrintError;
if ($@) { # To catch "Duplicate column name" caused by the derived table, or any other syntax error
- $sth = $dbh->prepare($sql);
- $sth->execute;
+ eval {
+ $sth = $dbh->prepare($sql);
+ $sth->execute;
+ };
+ warn $@ if $@;
# Loop through the complete results, fetching 1,000 rows at a time. This
# lowers memory requirements but increases execution time.
while (my $rows = $sth->fetchall_arrayref(undef, 1000)) {
}
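Review bot: After the new `eval { ... }; warn $@ if $@;` the code still falls through to `$sth->fetchall_arrayref(undef, 1000)`, so a failed retry is logged and then fetched from anyway. If `prepare` died, `$sth` is presumably still the handle from the earlier attempt (or undefined); if `execute` died, the handle was never executed, and either case makes the loop fail or count nothing. An early exit such as `if ($@) { warn $@; return; }` would make the failure explicit; the right return value depends on what callers expect and should be confirmed. Whether the `eval` catches anything also depends on the `RaiseError` value restored two lines earlier, which is not visible here. The enclosing function starts and ends outside these lines.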
$offset = 0 unless $offset;
$limit = 999999 unless $limit;
- $debug and print STDERR "execute_query($sql, $offset, $limit)\n";
- if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
- return (undef, { sqlerr => $1} );
- } elsif ($sql !~ /^\s*SELECT\b\s*/i) {
- return (undef, { queryerr => 'Missing SELECT'} );
+
+ Koha::Logger->get->debug("Report - execute_query($sql, $offset, $limit)");
+
+ my ( $is_sql_valid, $errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;
+ return (undef, @{$errors}[0]) unless $is_sql_valid;
+
+ foreach my $sql_param ( @$sql_params ){
+ if ( $sql_param =~ m/\n/ ){
+ my @list = split /\n/, $sql_param;
+ my @quoted_list;
+ foreach my $item ( @list ){
+ $item =~ s/\r//;
+ push @quoted_list, C4::Context->dbh->quote($item);
+ }
+ $sql_param = "(".join(",",@quoted_list).")";
+ }
}
my ($useroffset, $userlimit);
# Grab offset/limit from user supplied LIMIT and drop the LIMIT so we can control pagination
($sql, $useroffset, $userlimit) = strip_limit($sql);
- $debug and warn sprintf "User has supplied (OFFSET,) LIMIT = %s, %s",
- $useroffset,
- (defined($userlimit ) ? $userlimit : 'UNDEF');
+
+ Koha::Logger->get->debug(
+ sprintf "User has supplied (OFFSET,) LIMIT = %s, %s",
+ $useroffset, ( defined($userlimit) ? $userlimit : 'UNDEF' ) );
+
$offset += $useroffset;
if (defined($userlimit)) {
if ($offset + $limit > $userlimit ) {
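Review bot: The multi-line branch assigns to `$sql_param`, which is an alias in `foreach my $sql_param ( @$sql_params )`, so the caller's array is rewritten in place with a pre-quoted `(...)` string. The same array is later passed to `$sth->execute(@$sql_params, $offset, $limit)`; if that is the same code path, the value is bound as one string literal and will not act as an IN list, so a comment should state whether these values are bound or substituted into the SQL. `$item =~ s/\r//;` removes only the first carriage return, and `$item =~ s/\r//g;` matches the apparent intent. The new `Koha::Logger->get->debug(...)` line writes the full report SQL to the log, so that log should be access-controlled like the reports themselves.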
$dbh->do( 'UPDATE saved_sql SET last_run = NOW() WHERE id = ?', undef, $report_id ) if $report_id;
my $sth = $dbh->prepare($sql);
- $sth->execute(@$sql_params, $offset, $limit);
+ eval {
+ $sth->execute(@$sql_params, $offset, $limit);
+ };
+ warn $@ if $@;
return ( $sth, { queryerr => $sth->errstr } ) if ($sth->err);
return ( $sth );
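Review bot: Only `execute` is wrapped in the new `eval`, while `my $sth = $dbh->prepare($sql);` stays outside it. A prepare failure therefore either dies uncaught (with RaiseError on) or leaves `$sth` undefined, and then `$sth->err` on the line after the `eval` dies on an undefined value instead of returning `queryerr`. Declaring `my $sth;` first and using `eval { $sth = $dbh->prepare($sql); $sth->execute(@$sql_params, $offset, $limit); };` would cover both steps, with a `queryerr` built from `$@` or `$dbh->errstr` when `$sth` is undefined. `warn $@` also sends the raw driver error, which can include the SQL text, to STDERR while the rest of this change moves to `Koha::Logger`; routing it through the logger would be consistent. The enclosing function starts and ends outside the visible lines.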
sub GetReservedAuthorisedValues {
my %reserved_authorised_values =
map { $_ => 1 } ( 'date',
+ 'list',
'branches',
'itemtypes',
'cn_source',