[open-ils-commits] r16766 - branches/rel_1_6_1/Open-ILS/src/c-apps (miker)

[svn at svn.open-ils.org]

Author: miker
Date: 2010-06-18 15:42:40 -0400 (Fri, 18 Jun 2010)
New Revision: 16766

Modified:
   branches/rel_1_6_1/Open-ILS/src/c-apps/oils_cstore.c
Log:
Backport security fix r16747 from trunk

Modified: branches/rel_1_6_1/Open-ILS/src/c-apps/oils_cstore.c
===================================================================
--- branches/rel_1_6_1/Open-ILS/src/c-apps/oils_cstore.c	2010-06-18 19:40:14 UTC (rev 16765)
+++ branches/rel_1_6_1/Open-ILS/src/c-apps/oils_cstore.c	2010-06-18 19:42:40 UTC (rev 16766)
@@ -94,6 +94,12 @@
 static jsonObject* jsonNULL = NULL; // 
 static int max_flesh_depth = 100;
 
+#ifdef PCRUD
+static int enforce_pcrud = 1;     // Boolean
+#else
+static int enforce_pcrud = 0;     // Boolean
+#endif
+
 /* called when this process is about to exit */
 void osrfAppChildExit() {
     osrfLogDebug(OSRF_LOG_MARK, "Child is exiting, disconnecting from database...");
@@ -804,7 +810,7 @@
             jsonObjectRemoveKey( jsonObjectGetIndex( _p, 1 ), "select" );
             jsonObjectRemoveKey( jsonObjectGetIndex( _p, 1 ), "no_i18n" );
             jsonObjectRemoveKey( jsonObjectGetIndex( _p, 1 ), "flesh" );
-            jsonObjectRemoveKey( jsonObjectGetIndex( _p, 1 ), "flesh_columns" );
+            jsonObjectRemoveKey( jsonObjectGetIndex( _p, 1 ), "flesh_fields" );
         } else {
             jsonObjectSetIndex( _p, 1, jsonNewObjectType(JSON_HASH) );
         }
@@ -4271,7 +4277,7 @@
 	dbi_result_free(result);
 	free(sql);
 
-	if (res_list->size && order_hash) {
+	if (res_list->size && order_hash && ! enforce_pcrud) {
 		_tmp = jsonObjectGetKeyConst( order_hash, "flesh" );
 		if (_tmp) {
 			int x = (int)jsonObjectGetNumber(_tmp);