projects / srvgit / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 19086: Fix Stored XSS in circulation.pl
[srvgit] / members / statistics.pl
diff --git a/members/statistics.pl b/members/statistics.pl
index 5222cf0..55d5ed0 100755 (executable)
--- a/members/statistics.pl
+++ b/members/statistics.pl
@@ -24,14 +24,14 @@
 
 use Modern::Perl;
 
-use CGI;
+use CGI qw ( -utf8 );
 use C4::Auth;
-use C4::Branch;
 use C4::Context;
 use C4::Members;
 use C4::Members::Statistics;
 use C4::Members::Attributes qw(GetBorrowerAttributes);
 use C4::Output;
+use Koha::Patrons;
 
 my $input = new CGI;
 
@@ -48,19 +48,22 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 my $borrowernumber = $input->param('borrowernumber');
 
 # Set informations for the patron
-my $borrower = GetMemberDetails( $borrowernumber, 0 );
-if ( not defined $borrower ) {
-    $template->param (unknowuser => 1);
-    output_html_with_http_headers $input, $cookie, $template->output;
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
     exit;
 }
 
+my $category = $patron->category;
+my $borrower= $patron->unblessed;
+$borrower->{description} = $category->description;
+$borrower->{category_type} = $category->category_type;
+
 foreach my $key ( keys %$borrower ) {
     $template->param( $key => $borrower->{$key} );
 }
 $template->param(
     categoryname    => $borrower->{'description'},
-    branchname      => GetBranchName($borrower->{'branchcode'}),
 );
 # Construct column names
 my $fields = C4::Members::Statistics::get_fields();
@@ -93,14 +96,16 @@ if (C4::Context->preference('ExtendedPatronAttributes')) {
     );
 }
 
-my ($picture, $dberror) = GetPatronImage($borrower->{'borrowernumber'});
-$template->param( picture => 1 ) if $picture;
+$template->param( picture => 1 ) if $patron->image;
+
+$template->param(%$borrower);
+
+$template->param( adultborrower => 1 ) if ( $borrower->{category_type} eq 'A' || $borrower->{category_type} eq 'I' );
 
 $template->param(
-    statisticsview => 1,
-    datas          => $datas,
-    column_names   => \@statistic_column_names,
-    length_keys    => scalar( @statistic_column_names),
+    statisticsview     => 1,
+    datas              => $datas,
+    column_names       => \@statistic_column_names,
     count_total_issues => $count_total_issues,
     count_total_issues_returned => $count_total_issues_returned,
     count_total_precedent_state => $count_total_precedent_state,
KOHA@FFZG based on git://git.koha.org/pub/scm/koha.git