[Koha-patches] [PATCH] Bug Fixing : ModMember and memberentrygen.tmpl
Henri-Damien LAURENT
henridamien.laurent at biblibre.com
Thu May 15 21:47:15 CEST 2008
Problem with ModMember : parameters were not passed safely
memberentrygen.tmpl deleted guarantorid for a children if step2 or step3 used fore edition.
---
C4/Members.pm | 14 ++++++++++----
.../prog/en/modules/members/memberentrygen.tmpl | 4 ++--
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/C4/Members.pm b/C4/Members.pm
index 226308f..2eb0664 100644
--- a/C4/Members.pm
+++ b/C4/Members.pm
@@ -628,12 +628,18 @@ sub ModMember {
$data{'password'} = md5_base64( $data{'password'} ) if ($data{'password'} ne "");
delete $data{'password'} if ($data{password} eq "");
}
- foreach (keys %data)
- { push @parameters,"$_ = ".$dbh->quote($data{$_}) if ($_ ne 'borrowernumber' and $_ ne 'flags' and $hashborrowerfields{$_}); }
- $query .= join (',', at parameters) . "\n WHERE borrowernumber=? \n";
+ foreach (keys %data){
+ if ($_ ne 'borrowernumber' and $_ ne 'flags' and $hashborrowerfields{$_}){
+ $query .= " $_=?, ";
+ push @parameters,$data{$_};
+ }
+ }
+ $query =~ s/, $//;
+ $query .= " WHERE borrowernumber=?";
+ push @parameters, $data{'borrowernumber'};
$debug and print STDERR "$query (executed w/ arg: $data{'borrowernumber'})";
$sth = $dbh->prepare($query);
- $sth->execute($data{'borrowernumber'});
+ $sth->execute(@parameters);
$sth->finish;
# ok if its an adult (type) it may have borrowers that depend on it as a guarantor
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
index 611fb7f..641241a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
@@ -143,7 +143,6 @@
<input type="hidden" name="BorrowerMandatoryField" value="<!--TMPL_VAR NAME="BorrowerMandatoryField"-->" />
<input type="hidden" name="category_type" value="<!-- TMPL_VAR name="category_type" -->" />
<input type="hidden" name="updtype" value="<!-- TMPL_VAR NAME="updtype" -->" />
-<input type="hidden" name="guarantorid" value="<!-- TMPL_VAR NAME="guarantorid" -->" />
<input type="hidden" name="select_roadtype" value="<!-- TMPL_VAR NAME="select_roadtype" -->" />
<input type="hidden" name="destination" value="<!-- TMPL_VAR NAME="destination" -->" />
<input type="hidden" name="check_member" value="<!-- TMPL_VAR NAME="check_member" -->" />
@@ -264,7 +263,8 @@
<!-- /TMPL_IF -->
</li>
<!--/TMPL_UNLESS-->
-<!--TMPL_IF EXPR="showguarantor"--> <li><label for="">Guarantor: </label>
+<!--TMPL_IF EXPR="showguarantor"--><input type="hidden" name="guarantorid" value="<!-- TMPL_VAR NAME="guarantorid" -->" />
+ <li><label for="">Guarantor: </label>
<select name="relationship" id="relationship" >
<!-- TMPL_LOOP name="relshiploop" -->
<!-- TMPL_IF name="selected" -->
--
1.5.4.3
More information about the Koha-patches
mailing list