[open-ils-commits] r15128 - trunk/Open-ILS/src/perlmods/OpenILS/Application (miker)
svn at svn.open-ils.org
svn at svn.open-ils.org
Wed Dec 9 16:23:52 EST 2009
Author: miker
Date: 2009-12-09 16:23:47 -0500 (Wed, 09 Dec 2009)
New Revision: 15128
Modified:
trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm
Log:
Patch from Lebbeous Fogle-Weekley to fix some of my thinkos, with sql injection protections and corrected json_queries added by moi
Modified: trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm 2009-12-09 21:10:58 UTC (rev 15127)
+++ trunk/Open-ILS/src/perlmods/OpenILS/Application/Booking.pm 2009-12-09 21:23:47 UTC (rev 15128)
@@ -178,7 +178,7 @@
$query->{having}->{'+bram'}->{value}->{'@>'} = {
transform => 'array_accum',
- value => '{'.join(',', @{ $filters->{attribute_values} } ).'}'
+ value => '$'.$$.'${'.join(',', @{ $filters->{attribute_values} } ).'}$'.$$.'$'
};
}
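Review bot: The dollar-quote tag in the new `value =>` line is built from `$$`, the worker's process id, which is neither secret nor drawn from a large range, so it should not be the only barrier around caller-supplied `attribute_values`. The elements are also joined unquoted, so a comma or brace inside one value changes the shape of the array literal. If these values are meant to be numeric ids (inferred from the field name, not shown in the hunk), validate them before the join, e.g. `my @vals = grep { /\A\d+\z/ } @{ $filters->{attribute_values} };` and reject the request when anything was dropped. It is also worth confirming that PostgreSQL accepts an all-digit tag, since dollar-quote tags follow identifier rules; `'$_'.$$.'$'` would avoid the question. The same construction appears in the `+bravm` hunk at the end of this diff.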
@@ -187,29 +187,31 @@
if (!ref($filters->{available})) { # just one time, start perhaps
$query->{where}->{'+bresv'} = {
- '-or' => {
- 'overbook' => 't',
- '-or' => {
- start_time => { '>=' => $filters->{available} },
- end_time => { '<=' => $filters->{available} },
+ '-or' => [
+ { '+brsrc' => {'overbook' => 't'} },
+ { '-or' =>
+ { start_time => { '>=' => $filters->{available} },
+ end_time => { '<=' => $filters->{available} },
+ }
}
- }
+ ]
};
} else { # start and end times
$query->{where}->{'+bresv'} = {
- '-or' => {
- 'overbook' => 't',
- '-and' => {
- '-or' => {
- start_time => { '>=' => $filters->{available}->[0] },
- end_time => { '<=' => $filters->{available}->[0] },
- },
- '-or' => {
- start_time => { '>=' => $filters->{available}->[1] },
- end_time => { '<=' => $filters->{available}->[1] },
- }
+ '-or' => [
+ { '+brsrc' => {'overbook' => 't'} },
+ { '-and' =>
+ [{ '-or' =>
+ { start_time => { '>=' => $filters->{available}->[0] },
+ end_time => { '<=' => $filters->{available}->[0] },
+ }
+ },{'-or' =>
+ { start_time => { '>=' => $filters->{available}->[1] },
+ end_time => { '<=' => $filters->{available}->[1] },
+ }
+ }]
}
- }
+ ]
};
}
}
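Review bot: The `else` branch treats any reference in `$filters->{available}` as a two-element array, so a hash reference from the caller fails on `->[0]` and a one-element list leaves the second bound undefined in the query. A guard ahead of the clause would make the failure explicit, for example `return [] unless ref($filters->{available}) eq 'ARRAY' && @{ $filters->{available} } == 2;`. The enclosing method starts outside this hunk, so the right return value for a rejected filter should be checked against its other exits.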
@@ -240,17 +242,22 @@
my $cstore = OpenSRF::AppSession->connect('open-ils.cstore');
my $ids = $cstore->request( 'open-ils.cstore.json_query.atomic', $query )->gather(1);
- $ids = [ map { $_->{id} } @$ids ];
$cstore->disconnect;
- my $pcrud = OpenSRF::AppSession->connect('open-ils.pcrud');
- my $allowed_ids = $pcrud->request(
- 'open-ils.pcrud.id_list.brsrc.atomic',
- $auth => { id => $ids }
- )->gather(1);
- $pcrud->disconnect;
+ if (@$ids) {
+ $ids = [ map { $_->{id} } @$ids ];
- return $allowed_ids;
+ my $pcrud = OpenSRF::AppSession->connect('open-ils.pcrud');
+ my $allowed_ids = $pcrud->request(
+ 'open-ils.pcrud.id_list.brsrc.atomic',
+ $auth => { id => $ids }
+ )->gather(1);
+ $pcrud->disconnect;
+
+ return $allowed_ids;
+ } else {
+ return $ids; # empty []
+ }
}
__PACKAGE__->register_method(
method => "resource_list_by_attrs",
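Review bot: `if (@$ids)` dereferences the result of `gather(1)` without checking that it is defined, so a failed or timed-out cstore request would die at this line (assuming the module runs under `use strict`) instead of returning an empty list. Testing `if ($ids && @$ids)` and ending the else branch with `return [];` covers both the undefined and the empty case. The pcrud result `$allowed_ids` is returned unchecked in the same way, so callers may receive undef when the permission lookup fails. The method body begins before this hunk.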
@@ -327,7 +334,7 @@
$query->{having}->{'+bravm'}->{attr_value}->{'@>'} = {
transform => 'array_accum',
- value => '{'.join(',', @{ $filters->{attribute_values} } ).'}'
+ value => '$'.$$.'${'.join(',', @{ $filters->{attribute_values} } ).'}$'.$$.'$'
};
}