7fdaaa4...
by
Galen Charlton <email address hidden>
LP#2023222: prevent open-ils.fielder.$IDLCLASS from invoking function transforms
This patch adds some argument checking to the family of
open-ils.fielder.$IDLCLASS[.atomic] methods to prevent
JSON query function transforms from being invoked. This
is needed to prevent unauthenticated callers from invoking
arbitrary stored procedures.
This is a security patch that closes down a pathway
towards remote, unauthenticated SQL injection attacks.
LP#2024682: fix regression in action.item_user_circ_test
A previous bugfix reverted portions of the action.item_user_circ_test
function to an older version in the 3.9.1-3.10.0 version upgrade script.
This commit provides an upgrade script to restore the correct version of
the function on 3.10.
Signed-off-by: Jeff Davis <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>