From 91cd25fbcab912aabfc0df204b46b5a67ab6d8b8 Mon Sep 17 00:00:00 2001
From: Galen Charlton
Date: Thu, 25 Jan 2018 14:40:47 -0500
Subject: [PATCH] LP#1745462: guard against scanning entire authority table

This patch ensures that if, for whatever reason, a MARC editor
headings validation action includes a field whose subfield values
are empty, it ignores any cases where the normalized heading
works out to NULL or the empty string. Otherwise, the database
can be asked to fetch the IDs of most/all records in the database,
and open-ils.cstore backend can be asked to store the entire
result set in memory.

To test
-------
[0] Ensure that statement logging is turned on in the PostgreSQL
    database.
[1] In the web staff client, create a new bib. Ensure that at
    least one of the authority-controlled fields has no subfield
    values.
[2] Hit the Validate button.
[3] Note that the following query is logged by the database:

    SELECT "are".id AS "id" FROM authority.record_entry AS "are"
    WHERE "are".control_set = '1' AND "are".deleted = 'f'
    AND "are".simple_heading IS NOT NULL;

[4] Apply the patch and repeat steps 1 and 2. This time, note that
    no such query is recorded.
[5] Verify that validating headings that are not empty does
    continue to work.

Signed-off-by: Galen Charlton
Signed-off-by: Chris Sharp
---
 Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Authority.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Authority.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Authority.pm
index a20dfb166d..2e90ae23b3 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Authority.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Search/Authority.pm
@@ -73,6 +73,10 @@ sub search_authority_by_simple_normalize_heading { my $e = new_editor(); my $norm_heading = $e->json_query($norm_heading_query)->[0]->{'authority.simple_normalize_heading'}; + unless (defined($norm_heading) && $norm_heading != '') { + return OpenILS::Event->new('BAD_PARAMS', note => 'Heading normalized to null or empty string'); + } + my $query = { select => { are => ['id'] }, from => 'are', -- 2.11.0
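
Review bot: the added guard in search_authority_by_simple_normalize_heading compares with the numeric operator, "$norm_heading != ''", where a string comparison is needed. In Perl, != converts both operands to numbers, so the empty string and any heading that does not start with a number both become 0; the inequality is then false and the unless branch returns BAD_PARAMS for ordinary non-empty headings as well, which contradicts test step [5]. With warnings enabled it also logs "Argument ... isn't numeric" on each call. Suggest "unless (defined($norm_heading) && $norm_heading ne '')" so that only NULL and the empty string are rejected and the unbounded authority.record_entry query stays blocked for exactly those cases.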