Bug 19086: Fix Stored XSS in circulation.pl

[srvgit] / members / statistics.pl

diff --git a/members/statistics.pl b/members/statistics.pl
index 5979e7f..55d5ed0 100755 (executable)
--- a/members/statistics.pl
+++ b/members/statistics.pl
@@ -50,8 +50,7 @@ my $borrowernumber = $input->param('borrowernumber');
 # Set informations for the patron
 my $patron = Koha::Patrons->find( $borrowernumber );
 unless ( $patron ) {
-    $template->param (unknowuser => 1);
-    output_html_with_http_headers $input, $cookie, $template->output;
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
     exit;
 }