[Koha-patches] [PATCH] [SIGNED-OFF] bug 1953: Reduce risk of possible tainted supplierid call to C4::Serials::GetLateIssues
Galen Charlton
gmcharlt at gmail.com
Fri Feb 25 14:26:20 CET 2011
From: MJ Ray <mjr at phonecoop.coop>
Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
C4/Serials.pm | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/C4/Serials.pm b/C4/Serials.pm
index 5e2fa22..da0f4bd 100644
--- a/C4/Serials.pm
+++ b/C4/Serials.pm
@@ -125,10 +125,11 @@ sub GetLateIssues {
LEFT JOIN biblio ON biblio.biblionumber = subscription.biblionumber
LEFT JOIN aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id
WHERE ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3)
- AND subscription.aqbooksellerid=$supplierid
+ AND subscription.aqbooksellerid=?
ORDER BY title
|;
$sth = $dbh->prepare($query);
+ $sth->execute($supplierid);
} else {
my $query = qq|
SELECT name,title,planneddate,serialseq,serial.subscriptionid
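Review bot: The new placeholder in `AND subscription.aqbooksellerid=?` keeps `$supplierid` from being parsed as SQL, but the value is still bound without any check that it is an integer id. The column is joined to `aqbooksellers.id`, so it is presumably a numeric key, and a non-numeric string would then be left to the database's implicit conversion rather than rejected. An anchored check before the `prepare`, such as `$supplierid =~ /\A\d+\z/`, would make the expected format explicit, with failure handling that follows the module's conventions. The condition that selects this branch and the start of `GetLateIssues` are outside the hunk, so confirm there is no earlier validation before adding one.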
@@ -140,8 +141,8 @@ sub GetLateIssues {
ORDER BY title
|;
$sth = $dbh->prepare($query);
+ $sth->execute;
}
- $sth->execute;
my @issuelist;
my $last_title;
my $odd = 0;
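Review bot: Moving `$sth->execute` into both branches leaves two call sites that must be kept in step whenever either query gains a parameter. A bind list declared before the `if` and filled in the supplier branch would let a single `$sth->execute(@bind_values);` stay after the closing brace, where the removed call was. Neither call checks its return value. Whether a failed execute surfaces therefore depends on the handle's `RaiseError` setting, which is not visible here. The fetch loop that follows these declarations continues outside the hunk.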
--
1.7.2.3