Bug 19086: Fix Stored XSS in circulation.pl
[srvgit] / members / statistics.pl
index de9a6a3..55d5ed0 100755 (executable)
@@ -26,12 +26,12 @@ use Modern::Perl;
 
 use CGI qw ( -utf8 );
 use C4::Auth;
-use C4::Branch;
 use C4::Context;
 use C4::Members;
 use C4::Members::Statistics;
 use C4::Members::Attributes qw(GetBorrowerAttributes);
 use C4::Output;
+use Koha::Patrons;
 
 my $input = new CGI;
 
@@ -48,19 +48,22 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 my $borrowernumber = $input->param('borrowernumber');
 
 # Set informations for the patron
-my $borrower = GetMemberDetails( $borrowernumber, 0 );
-if ( not defined $borrower ) {
-    $template->param (unknowuser => 1);
-    output_html_with_http_headers $input, $cookie, $template->output;
+my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+    print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
     exit;
 }
 
+my $category = $patron->category;
+my $borrower= $patron->unblessed;
+$borrower->{description} = $category->description;
+$borrower->{category_type} = $category->category_type;
+
 foreach my $key ( keys %$borrower ) {
     $template->param( $key => $borrower->{$key} );
 }
 $template->param(
     categoryname    => $borrower->{'description'},
-    branchname      => GetBranchName($borrower->{'branchcode'}),
 );
 # Construct column names
 my $fields = C4::Members::Statistics::get_fields();
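Review bot: The redirect on the new line `print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");` interpolates the raw `borrowernumber` request parameter into the Location URL with no validation or encoding, and it only runs when the lookup has already failed, so the value is by definition not a known patron id and is forwarded verbatim to circulation.pl. Constraining it to the expected shape before echoing it, e.g. `my $target = '/cgi-bin/koha/circ/circulation.pl';` / `$target .= "?borrowernumber=$borrowernumber" if defined $borrowernumber && $borrowernumber =~ m{\A\d+\z};` / `print $input->redirect($target);`, keeps arbitrary input out of the redirect target, which is the same class of issue the commit title is addressing. `my $borrower= $patron->unblessed;` is missing the space before `=`, and `$patron->category` is dereferenced twice without a guard; presumably every patron row has a category, but if that can be undef the two `$category->...` calls should be conditional.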
@@ -93,18 +96,16 @@ if (C4::Context->preference('ExtendedPatronAttributes')) {
     );
 }
 
-my ($picture, $dberror) = GetPatronImage($borrower->{'borrowernumber'});
-$template->param( picture => 1 ) if $picture;
+$template->param( picture => 1 ) if $patron->image;
+
+$template->param(%$borrower);
 
-# Computes full borrower address
-my $roadtype = C4::Koha::GetAuthorisedValueByCode( 'ROADTYPE', $borrower->{streettype} );
-my $address = $borrower->{'streetnumber'} . " $roadtype " . $borrower->{'address'};
+$template->param( adultborrower => 1 ) if ( $borrower->{category_type} eq 'A' || $borrower->{category_type} eq 'I' );
 
 $template->param(
-    statisticsview => 1,
-    datas          => $datas,
-    address        => $address,
-    column_names   => \@statistic_column_names,
+    statisticsview     => 1,
+    datas              => $datas,
+    column_names       => \@statistic_column_names,
     count_total_issues => $count_total_issues,
     count_total_issues_returned => $count_total_issues_returned,
     count_total_precedent_state => $count_total_precedent_state,
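Review bot: `$template->param(%$borrower);` on the new line 54 re-exports every key of the patron hash that the `foreach my $key ( keys %$borrower )` loop in the previous hunk already sets one at a time, so one of the two is redundant and they should be collapsed into a single call. If `$patron->unblessed` returns the whole borrowers row (I can't tell from the hunk), that includes any credential or personal-data columns, which then become template variables reachable by name even though this page never renders them; deleting such keys before the bulk assignment, e.g. `delete $borrower->{password};`, keeps the template surface to what the page actually displays. The `adultborrower` test `$borrower->{category_type} eq 'A' || $borrower->{category_type} eq 'I'` will emit an uninitialized-value warning whenever `category_type` is undef; `( $borrower->{category_type} // '' )` or a `grep { $_ eq ... } qw(A I)` avoids that.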