From 42ba7668129bb09bd0664d44b2ea6f8d5543f958 Mon Sep 17 00:00:00 2001
From: scottmk
Date: Thu, 26 Feb 2009 20:06:48 +0000
Subject: [PATCH] In SELECT(): Don't allow virtual fields in the SELECT clause. The old code allowed them, only to generate invalid queries asking for non-existent columns.
git-svn-id: svn://svn.open-ils.org/ILS/trunk@12311 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/c-apps/oils_cstore.c | 56 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
diff --git a/Open-ILS/src/c-apps/oils_cstore.c b/Open-ILS/src/c-apps/oils_cstore.c
index 868c4de170..fe6ef7c470 100644
--- a/Open-ILS/src/c-apps/oils_cstore.c
+++ b/Open-ILS/src/c-apps/oils_cstore.c
@@ -2764,6 +2764,34 @@ char* SELECT (
 if( defaultselhash ) jsonObjectFree( defaultselhash );
 free( core_class );
 return NULL;
+ } else if ( str_is_true( osrfHashGet( field_def, "virtual" ) ) ) {
+ // Virtual field not allowed
+ osrfLogError(
+ OSRF_LOG_MARK,
+ "%s: Selected column \"%s\" for class \"%s\" is virtual",
+ MODULENAME,
+ col_name,
+ cname
+ );
+ if( ctx )
+ osrfAppSessionStatus(
+ ctx->session,
+ OSRF_STATUS_INTERNALSERVERERROR,
+ "osrfMethodException",
+ ctx->request,
+ "Selected column may not be virtual in JSON query"
+ );
+ jsonIteratorFree( select_itr );
+ jsonIteratorFree( selclass_itr );
+ //jsonObjectFree( is_agg );
+ buffer_free( sql_buf );
+ buffer_free( select_buf );
+ buffer_free( order_buf );
+ buffer_free( group_buf );
+ buffer_free( having_buf );
+ if( defaultselhash ) jsonObjectFree( defaultselhash );
+ free( core_class );
+ return NULL;
 }
 if (locale) {
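Review bot: The new branch reports a virtual column in the caller's SELECT list with `OSRF_STATUS_INTERNALSERVERERROR`, although the condition is a malformed request rather than a server fault; the branch added in the second hunk does the same. If callers do not depend on the 500-class code here, `OSRF_STATUS_BADREQUEST,` would keep rejected queries out of server-fault monitoring and make repeated requests with bad column names easier to tell apart from real failures. The preceding branch, whose body lies outside this hunk, presumably uses the same status for an unknown column, so both should be changed together or not at all.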
@@ -2819,6 +2847,34 @@ char* SELECT (
 if( defaultselhash ) jsonObjectFree( defaultselhash );
 free( core_class );
 return NULL;
+ } else if ( str_is_true( osrfHashGet( field_def, "virtual" ) ) ) {
+ // No such field in current class
+ osrfLogError(
+ OSRF_LOG_MARK,
+ "%s: Selected column \"%s\" is virtual for class \"%s\"",
+ MODULENAME,
+ col_name,
+ cname
+ );
+ if( ctx )
+ osrfAppSessionStatus(
+ ctx->session,
+ OSRF_STATUS_INTERNALSERVERERROR,
+ "osrfMethodException",
+ ctx->request,
+ "Selected column is virtual in JSON query"
+ );
+ jsonIteratorFree( select_itr );
+ jsonIteratorFree( selclass_itr );
+ //jsonObjectFree( is_agg );
+ buffer_free( sql_buf );
+ buffer_free( select_buf );
+ buffer_free( order_buf );
+ buffer_free( group_buf );
+ buffer_free( having_buf );
+ if( defaultselhash ) jsonObjectFree( defaultselhash );
+ free( core_class );
+ return NULL;
 }
 // Decide what to use as a column alias
-- 
2.11.0
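Review bot: The comment at the top of the added branch, `// No such field in current class`, does not describe the virtual-field check it sits on and looks carried over from the preceding branch; it should read `// Virtual field not allowed`, as in the first hunk. The two hunks also word the same rejection differently in both the log line and the client message ("may not be virtual" versus "is virtual"), which makes the events harder to correlate in logs, so one wording for both would be better. The commented-out `//jsonObjectFree( is_agg );` is dead code copied along with the teardown and can be dropped from the new lines. The teardown sequence itself is now repeated in each error branch, so any resource added to SELECT() later must be freed in every copy; the function starts and ends outside this hunk.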