[Koha-patches] [PATCH 2/2] [3.0.x] [SIGNED-OFF] bug 1953: Reduce risk of possible tainted supplierid call to C4::Serials::GetLateIssues
Galen Charlton
gmcharlt at gmail.com
Fri Feb 25 14:40:09 CET 2011
From: MJ Ray <mjr at phonecoop.coop>
Signed-off-by: Galen Charlton <gmcharlt at gmail.com>
---
C4/Serials.pm | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/C4/Serials.pm b/C4/Serials.pm
index 2f72762..22cfd46 100644
--- a/C4/Serials.pm
+++ b/C4/Serials.pm
@@ -135,12 +135,12 @@ sub GetLateIssues {
LEFT JOIN biblio ON biblio.biblionumber = subscription.biblionumber
LEFT JOIN aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id
WHERE ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3)
- AND subscription.aqbooksellerid=$supplierid
+ AND subscription.aqbooksellerid=?
ORDER BY title
|;
$sth = $dbh->prepare($query);
- }
- else {
+ $sth->execute($supplierid);
+ } else {
my $query = qq|
SELECT name,title,planneddate,serialseq,serial.subscriptionid
FROM subscription
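Review bot: Neither `$sth->execute($supplierid);` in this hunk nor the `$sth->execute;` added in the second hunk checks its return value, so unless the database handle has RaiseError enabled (not visible here) a failed statement carries on into the code after the `if`/`else` without any signal. Moving the call into both branches also duplicates it; declaring `my @bind;` before the `if`, doing `push @bind, $supplierid;` in the first branch and keeping a single `$sth->execute(@bind);` after the closing brace would leave one place to check the result. Because the placeholder is the whole point of the fix, a short comment above the query such as `# supplierid is passed as a bind value; do not interpolate it into the SQL` would help stop a later edit from reintroducing the interpolation. GetLateIssues starts and ends outside this hunk, so the branch condition on `$supplierid` could not be reviewed.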
@@ -151,8 +151,8 @@ sub GetLateIssues {
ORDER BY title
|;
$sth = $dbh->prepare($query);
+ $sth->execute;
}
- $sth->execute;
my @issuelist;
my $last_title;
my $odd = 0;
--
1.7.2.3