projects
/
xtuple
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
f8da3cc
)
Make sure join name is safe.
author
Ben Thompson
<ben@xtuple.com>
Tue, 13 May 2014 21:30:50 +0000
(17:30 -0400)
committer
Ben Thompson
<ben@xtuple.com>
Tue, 13 May 2014 21:30:50 +0000
(17:30 -0400)
enyo-client/database/source/xm/javascript/item_site.sql
patch
|
blob
|
history
diff --git
a/enyo-client/database/source/xm/javascript/item_site.sql
b/enyo-client/database/source/xm/javascript/item_site.sql
index
ff9b62c
..
3ba3601
100644
(file)
--- a/
enyo-client/database/source/xm/javascript/item_site.sql
+++ b/
enyo-client/database/source/xm/javascript/item_site.sql
@@
-99,7
+99,7
@@
select xt.install_js('XM','ItemSite','xtuple', $$
/* If customer passed, restrict results to item sites allowed to be sold to that customer */
if (customerId) {
/* If customer passed, restrict results to item sites allowed to be sold to that customer */
if (customerId) {
- extra += ' and
jt0.item_id in (' + /* XXX jt0 is a dangerous assumption */
+ extra += ' and
sidejoin.item_id in (' +
'select item_id from item where item_sold and not item_exclusive ' +
'union ' +
'select item_id from xt.custitem where cust_id=${p2} ' +
'select item_id from item where item_sold and not item_exclusive ' +
'union ' +
'select item_id from xt.custitem where cust_id=${p2} ' +
@@
-117,12
+117,12
@@
select xt.install_js('XM','ItemSite','xtuple', $$
clause.joins = [];
}
clause.joins = [];
}
- clause.joins.push('left join item
jt0
on itemsite_item_id = item_id')
+ clause.joins.push('left join item
sidejoin
on itemsite_item_id = item_id')
}
/* If vendor passed, and vendor can only supply against defined item sources, then restrict results */
if (vendorId) {
}
/* If vendor passed, and vendor can only supply against defined item sources, then restrict results */
if (vendorId) {
- extra += ' and
jt0.item_id in (' + /* XXX jt0 is a dangerous assumption */
+ extra += ' and
sidejoin.item_id in (' +
' select itemsrc_item_id ' +
' from itemsrc ' +
' where itemsrc_active ' +
' select itemsrc_item_id ' +
' from itemsrc ' +
' where itemsrc_active ' +
@@
-132,7
+132,7
@@
select xt.install_js('XM','ItemSite','xtuple', $$
clause.joins = [];
}
clause.joins = [];
}
- clause.joins.push('left join item
jt0
on itemsite_item_id = item_id')
+ clause.joins.push('left join item
sidejoin
on itemsite_item_id = item_id')
}
sql1 = XT.format(
}
sql1 = XT.format(