});
# get authtype list
-my $authtypes = getauthtypes;
-my @authtypesloop;
-foreach my $thisauthtype (keys %$authtypes) {
- my $selected = 1 if $thisauthtype eq $authtypecode;
- my %row =(value => $thisauthtype,
- selected => $selected,
- authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
- );
- push @authtypesloop, \%row;
+my $authtypes = getauthtypes;
+my @authtypesloop = ();
+foreach my $thisauthtype ( keys %{$authtypes} ) {
+ push @authtypesloop,
+ { value => $thisauthtype,
+ selected => $thisauthtype eq $authtypecode,
+ authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
+ };
}
my $sth;
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
unless (C4::Context->config('demo') eq 1) {
- $dbh->do("delete from auth_tag_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- $dbh->do("delete from auth_subfield_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- # FIXME: Secuity vulnerability -- use placeholders, prepare and execute!
+ my $sth = $dbh->prepare("delete from auth_tag_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
+ my $sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
}
print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=auth_tag_structure.pl?searchfield=".$input->param('tagfield')."&authtypecode=$authtypecode\">";
exit;
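Review bot: The `print` line that closes this branch still interpolates `$input->param('tagfield')` and `$authtypecode` unescaped into the `<META HTTP-EQUIV=Refresh>` attribute, so the values this hunk now binds as SQL placeholders (presumably request-derived) still reach the HTML response verbatim. URL-encode each value and HTML-escape the assembled URL before printing, or replace the meta refresh with the CGI object's redirect on an encoded URL. Separately, the added lines declare `my $sth` twice in the same block, which triggers a "masks earlier declaration in same scope" warning under `use warnings`; drop the second `my`, or use `$dbh->do("delete from auth_subfield_structure where tagfield=? and authtypecode=?", undef, $searchfield, $authtypecode);` for both statements. Neither `execute` result is checked, so a failed delete goes unnoticed unless RaiseError is set on the handle, which is not visible here.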