Address SQL injection vulnerability in SQL ORM layer
If the user-supplied value and the db column are both numbers
(jsonObject->type == JSON_NUMBER, get_primitive(field) == "number") then
don't quote. Otherwise, quote.
Signed-off-by: Mike Rylander <email address hidden>
Signed-off-by: Dan Scott <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
TPAC bucket item retrieval operates in streaming mode
TPAC bucket item retreive fleshes bib records with large blobs of MARC
data. When a bucket contains a few thousand items, the size of the
data passed around in atomic retreival mode will exceed the typical jabber
max stanza size and result in a failure. Retrieve the records in
streaming mode instead.
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Ben Shum <email address hidden>
47da46d...
by
Lebbeous Fogle-Weekley <email address hidden>
Repair an issue in search filter group UI about filtering on owner OU
What was intended to be a filter against filter groups' owner field was
instead turned into a filter on filter group ID.
Avoid problems when auth recs are missing the 901c
Fixed the authority.normalize_heading function to better handle
INT's when there is no 901 present. Now we look for the best-fit
control set instead of throwing a db-level error.
Signed-off-by: Steven Callender <email address hidden>
Signed-off-by: Mike Rylander <email address hidden>