use Encode qw( decode );
use URI::Escape;
use File::Temp;
-use C4::Reports::Guided;
+use C4::Reports::Guided qw( delete_report get_report_areas convert_sql update_sql get_saved_reports get_results ValidateSQLParameters format_results get_report_types get_columns get_from_dictionary get_criteria build_query save_report execute_query nb_rows get_report_groups );
use Koha::Reports;
-use C4::Auth qw/:DEFAULT get_session/;
-use C4::Output;
-use C4::Debug;
+use C4::Auth qw( get_template_and_user get_session );
+use C4::Output qw( pagination_bar output_html_with_http_headers );
use C4::Context;
use Koha::Caches;
-use C4::Log;
-use Koha::DateUtils qw/dt_from_string output_pref/;
+use C4::Log qw( logaction );
+use Koha::DateUtils qw( dt_from_string output_pref );
use Koha::AuthorisedValue;
use Koha::AuthorisedValues;
use Koha::BiblioFrameworks;
use Koha::Libraries;
use Koha::Patron::Categories;
use Koha::SharedContent;
-use Koha::Util::OpenDocument;
+use Koha::Util::OpenDocument qw( generate_ods );
+use C4::ClassSource qw( GetClassSources );
=head1 NAME
query => $input,
type => "intranet",
flagsrequired => { reports => $flagsrequired },
- debug => 1,
}
);
my $session = $cookie ? get_session($cookie->value) : undef;
create_non_existing_group_and_subgroup($input, $group, $subgroup);
- if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
- push @errors, {sqlerr => $1};
- }
- elsif ($sql !~ /^(SELECT)/i) {
- push @errors, {queryerr => "No SELECT"};
- }
+ my ( $is_sql_valid, $validation_errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;
+ push(@errors, @$validation_errors) unless $is_sql_valid;
if (@errors) {
$template->param(
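Review bot: The two added lines `my ( $is_sql_valid, $validation_errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;` and `push(@errors, @$validation_errors) unless $is_sql_valid;` are repeated verbatim in the next hunk (the branch following the second `create_non_existing_group_and_subgroup` call), so the two phases can drift apart the next time validation changes. A small file-level helper that takes `$sql`, runs `is_sql_valid` on a transient `Koha::Report`, and returns the error list (empty when valid) would let both sites become `push @errors, _check_report_sql($sql);`. The `push` dereferences `$validation_errors` as an array; whether `is_sql_valid` always returns an arrayref in that slot is not visible here, though the `unless` guard keeps the valid path safe. The enclosing phase block starts and ends outside the hunk.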
create_non_existing_group_and_subgroup($input, $group, $subgroup);
## FIXME this is AFTER entering a name to save the report under
- if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) {
- push @errors, {sqlerr => $1};
- }
- elsif ($sql !~ /^(SELECT)/i) {
- push @errors, {queryerr => "No SELECT"};
- }
+ my ( $is_sql_valid, $validation_errors ) = Koha::Report->new({ savedsql => $sql })->is_sql_valid;
+ push(@errors, @$validation_errors) unless $is_sql_valid;
if (@errors) {
$template->param(
my ($sql,$header_types) = $report->prep_report( \@param_names, \@sql_params );
$template->param(header_types => $header_types);
my ( $sth, $errors ) = execute_query( $sql, $offset, $limit, undef, $report_id );
- my $total = nb_rows($sql) || 0;
- unless ($sth) {
+ my $total;
+ if (!$sth) {
die "execute_query failed to return sth for report $report_id: $sql";
- } else {
+ } elsif ( !$errors ) {
+ $total = nb_rows($sql) || 0;
my $headers = header_cell_loop($sth);
$template->param(header_row => $headers);
while (my $row = $sth->fetchrow_arrayref()) {
push @allrows, { cells => \@cells };
}
}
- }
- my $totpages = int($total/$limit) + (($total % $limit) > 0 ? 1 : 0);
- my $url = "/cgi-bin/koha/reports/guided_reports.pl?reports=$report_id&phase=Run%20this%20report&limit=$limit&want_full_chart=$want_full_chart";
- if (@param_names) {
- $url = join('&param_name=', $url, map { URI::Escape::uri_escape_utf8($_) } @param_names);
- }
- if (@sql_params) {
- $url = join('&sql_params=', $url, map { URI::Escape::uri_escape_utf8($_) } @sql_params);
- }
+ my $totpages = int($total/$limit) + (($total % $limit) > 0 ? 1 : 0);
+ my $url = "/cgi-bin/koha/reports/guided_reports.pl?reports=$report_id&phase=Run%20this%20report&limit=$limit&want_full_chart=$want_full_chart";
+ if (@param_names) {
+ $url = join('&param_name=', $url, map { URI::Escape::uri_escape_utf8($_) } @param_names);
+ }
+ if (@sql_params) {
+ $url = join('&sql_params=', $url, map { URI::Escape::uri_escape_utf8($_) } @sql_params);
+ }
+ $template->param(
+ 'results' => \@rows,
+ 'allresults' => \@allrows,
+ 'pagination_bar' => pagination_bar($url, $totpages, scalar $input->param('page')),
+ 'unlimited_total' => $total,
+ );
+ }
$template->param(
- 'results' => \@rows,
- 'allresults' => \@allrows,
- 'sql' => $sql,
- original_sql => $original_sql,
- 'id' => $report_id,
- 'execute' => 1,
- 'name' => $name,
- 'notes' => $notes,
- 'errors' => defined($errors) ? [ $errors ] : undef,
- 'pagination_bar' => pagination_bar($url, $totpages, scalar $input->param('page')),
- 'unlimited_total' => $total,
- 'sql_params' => \@sql_params,
- 'param_names' => \@param_names,
+ 'sql' => $sql,
+ original_sql => $original_sql,
+ 'id' => $report_id,
+ 'execute' => 1,
+ 'name' => $name,
+ 'notes' => $notes,
+ 'errors' => defined($errors) ? [$errors] : undef,
+ 'sql_params' => \@sql_params,
+ 'param_names' => \@param_names,
);
}
}
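Review bot: The moved `$url` line interpolates `$report_id`, `$limit` and `$want_full_chart` into the query string unescaped, while the `param_name` and `sql_params` values on the lines right below it go through `URI::Escape::uri_escape_utf8`; since this string is handed to `pagination_bar` and ends up in emitted links, the three scalars should be escaped the same way, e.g. `my $url = "/cgi-bin/koha/reports/guided_reports.pl?reports=" . URI::Escape::uri_escape_utf8($report_id) . "&phase=Run%20this%20report&limit=" . URI::Escape::uri_escape_utf8($limit) . "&want_full_chart=" . URI::Escape::uri_escape_utf8($want_full_chart);`. Where those three values are read is outside the hunk, so whether they are already constrained there cannot be confirmed from here. A smaller behavioural change: when `$errors` is set, `results` and `allresults` are no longer passed to the template at all (the removed block always set them, as empty arrays), so the template should be checked to cope with undef rather than an empty list. The unchanged `die` still embeds the full report SQL in the exception text; if that message can reach the browser, logging the SQL and dying with only the report id would be the safer split. The enclosing phase block starts outside the hunk.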