[Koha-patches] [PATCH] bug 5086: fix setting claim date
Galen Charlton
gmcharlt at gmail.com
Wed Oct 6 13:43:15 CEST 2010
Also removed a locus for SQL injection.
Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
C4/Serials.pm | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/C4/Serials.pm b/C4/Serials.pm
index 9c22901..32e46be 100644
--- a/C4/Serials.pm
+++ b/C4/Serials.pm
@@ -287,10 +287,10 @@ sub UpdateClaimdateIssues {
my $dbh = C4::Context->dbh;
$date = strftime( "%Y-%m-%d", localtime ) unless ($date);
my $query = "
- UPDATE serial SET claimdate=$date,status=7
- WHERE serialid in (" . join( ",", @$serialids ) . ")";
+ UPDATE serial SET claimdate = ?, status = 7
+ WHERE serialid in (" . join( ",", map { '?' } @$serialids ) . ")";
my $rq = $dbh->prepare($query);
- $rq->execute;
+ $rq->execute($date, @$serialids);
return $rq->rows;
}
--
1.7.0
More information about the Koha-patches
mailing list