[Koha-patches] [PATCH] Bug Fixing : ModMember and memberentrygen.tmpl

Henri-Damien LAURENT henridamien.laurent at biblibre.com
Thu May 15 21:47:15 CEST 2008


Problem with ModMember: parameters were not passed safely.
memberentrygen.tmpl deleted guarantorid for a child if step2 or step3 was used for editing.
---
 C4/Members.pm                                      |   14 ++++++++++----
 .../prog/en/modules/members/memberentrygen.tmpl    |    4 ++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/C4/Members.pm b/C4/Members.pm
index 226308f..2eb0664 100644
--- a/C4/Members.pm
+++ b/C4/Members.pm
@@ -628,12 +628,18 @@ sub ModMember {
         $data{'password'} = md5_base64( $data{'password'} )  if ($data{'password'} ne "");
         delete $data{'password'} if ($data{password} eq "");
     }
-    foreach (keys %data)
-    { push @parameters,"$_ = ".$dbh->quote($data{$_}) if ($_ ne 'borrowernumber' and $_ ne 'flags' and $hashborrowerfields{$_}); }
-    $query .= join (',', at parameters) . "\n WHERE borrowernumber=? \n";
+    foreach (keys %data){  
+        if ($_ ne 'borrowernumber' and $_ ne 'flags' and $hashborrowerfields{$_}){
+          $query .= " $_=?, "; 
+          push @parameters,$data{$_};
+        }
+    }
+    $query =~ s/, $//;
+    $query .= " WHERE borrowernumber=?";
+    push @parameters, $data{'borrowernumber'};
     $debug and print STDERR "$query (executed w/ arg: $data{'borrowernumber'})";
     $sth = $dbh->prepare($query);
-    $sth->execute($data{'borrowernumber'});
+    $sth->execute(@parameters);
     $sth->finish;
 
 # ok if its an adult (type) it may have borrowers that depend on it as a guarantor
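Review bot: When `%data` holds no updatable key besides `borrowernumber` and `flags`, the added loop appends nothing and `s/, $//` matches nothing, so the prepared statement has an empty assignment list before `WHERE borrowernumber=?` and will presumably be rejected (the start of `$query` and the rest of ModMember are outside the hunk). Collecting the `"$_=?"` fragments in a list, joining them, and skipping prepare/execute when the list is empty covers that case and removes the trailing-comma fix-up. Values are now bound but column names are still interpolated, so the statement is only as safe as `%hashborrowerfields`, which is built outside the hunk; a comment stating that it must hold nothing but real column names of the updated table would help. The `$debug` line still reports only `borrowernumber` as the executed argument; if it is updated, it should print the count of bound values rather than the values, since they include the password digest.

```perl
my @assignments;
foreach (keys %data) {
    next if $_ eq 'borrowernumber' or $_ eq 'flags' or !$hashborrowerfields{$_};
    push @assignments, "$_=?";
    push @parameters, $data{$_};
}
if (@assignments) {
    $query .= join(', ', @assignments) . " WHERE borrowernumber=?";
    push @parameters, $data{'borrowernumber'};
    # … unchanged: debug print, prepare, execute(@parameters), finish …
}
```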
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
index 611fb7f..641241a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tmpl
@@ -143,7 +143,6 @@
 <input type="hidden" name="BorrowerMandatoryField" value="<!--TMPL_VAR NAME="BorrowerMandatoryField"-->" />
 <input type="hidden" name="category_type" value="<!-- TMPL_VAR name="category_type" -->" />
 <input type="hidden" name="updtype" value="<!-- TMPL_VAR NAME="updtype" -->" />
-<input type="hidden" name="guarantorid"   value="<!-- TMPL_VAR NAME="guarantorid" -->" />
 <input type="hidden" name="select_roadtype" value="<!-- TMPL_VAR NAME="select_roadtype" -->" />
 <input type="hidden" name="destination" value="<!-- TMPL_VAR NAME="destination" -->" />
 <input type="hidden" name="check_member" value="<!-- TMPL_VAR NAME="check_member" -->" />
@@ -264,7 +263,8 @@
 <!-- /TMPL_IF -->
        	</li>
     <!--/TMPL_UNLESS-->
-<!--TMPL_IF EXPR="showguarantor"-->  <li><label for="">Guarantor: </label>
+<!--TMPL_IF EXPR="showguarantor"--><input type="hidden" name="guarantorid"   value="<!-- TMPL_VAR NAME="guarantorid" -->" />
+  <li><label for="">Guarantor: </label>
   <select name="relationship" id="relationship" >
     <!-- TMPL_LOOP name="relshiploop" -->
         <!-- TMPL_IF name="selected" -->
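Review bot: The added hidden input writes `guarantorid` into the `value` attribute with no escaping, and it sits before the `<li>` rather than inside it, which looks like a direct child of the list element (the list's opening tag is outside the hunk). `<!-- TMPL_VAR NAME="guarantorid" ESCAPE="HTML" -->` would keep an unexpected value from breaking out of the attribute, and moving the input to just after the `<li>` on the following line keeps the list markup valid. Because a hidden field is client-editable, the handler that receives it (not visible here) should confirm the id refers to an existing borrower before it is stored.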
-- 
1.5.4.3



