X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;ds=sidebyside;f=admin%2Fauthorised_values.pl;h=949e4882a6c1eeb03d3ad0722e98186a1139e563;hb=ff7417fa916523ba293785c32d6d70a126dfdec8;hp=c26f3a9ec5cb4b50bfe4827249796b2664ea8f25;hpb=2c470899b3f0191b9597d713e895b9240fe1d137;p=koha_fer

diff --git a/admin/authorised_values.pl b/admin/authorised_values.pl
index c26f3a9ec5..949e4882a6 100755
--- a/admin/authorised_values.pl
+++ b/admin/authorised_values.pl
@@ -27,7 +27,7 @@ use C4::Koha;
 use C4::Output;
 
 
-sub AuthorizedValuesForCategory ($) {
+sub AuthorizedValuesForCategory {
     my ($searchstring) = shift or return;
     my $dbh = C4::Context->dbh;
     $searchstring=~ s/\'/\\\'/g;
@@ -45,17 +45,17 @@ sub AuthorizedValuesForCategory ($) {
 my $input = new CGI;
 my $id          = $input->param('id');
 my $op          = $input->param('op')     || '';
-my $offset      = $input->param('offset') || 0;
-my $searchfield = $input->param('searchfield');
+our $offset      = $input->param('offset') || 0;
+our $searchfield = $input->param('searchfield');
 $searchfield = '' unless defined $searchfield;
 $searchfield =~ s/\,//g;
-my $script_name = "/cgi-bin/koha/admin/authorised_values.pl";
-my $dbh = C4::Context->dbh;
+our $script_name = "/cgi-bin/koha/admin/authorised_values.pl";
+our $dbh = C4::Context->dbh;
 
-my ($template, $borrowernumber, $cookie)= get_template_and_user({
+our ($template, $borrowernumber, $cookie)= get_template_and_user({
     template_name => "admin/authorised_values.tmpl",
     authnotrequired => 0,
-    flagsrequired => {parameters => 1},
+    flagsrequired => {parameters => 'parameters_remaining_permissions'},
     query => $input,
     type => "intranet",
     debug => 1,
@@ -104,15 +104,14 @@ if ($op eq 'add_form') {
     my $duplicate_entry = 0;
 
     if ( $id ) { # Update
-        my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id='$id' ");
-        $sth->execute();
+        my $sth = $dbh->prepare( "SELECT category, authorised_value FROM authorised_values WHERE id = ? ");
+        $sth->execute($id);
         my ($category, $authorised_value) = $sth->fetchrow_array();
         if ( $authorised_value ne $new_authorised_value ) {
             my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-                "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' and id<>$id");
-            $sth->execute();
+                "WHERE category = ? AND authorised_value = ? and id <> ? ");
+            $sth->execute($new_category, $new_authorised_value, $id);
             ($duplicate_entry) = $sth->fetchrow_array();
-            warn "**** duplicate_entry = $duplicate_entry";
         }
         unless ( $duplicate_entry ) {
             my $sth=$dbh->prepare( 'UPDATE authorised_values
@@ -133,8 +132,8 @@ if ($op eq 'add_form') {
     }
     else { # Insert
         my $sth = $dbh->prepare_cached( "SELECT COUNT(*) FROM authorised_values " .
-            "WHERE category = '$new_category' AND authorised_value = '$new_authorised_value' ");
-        $sth->execute();
+            "WHERE category = ? AND authorised_value = ? ");
+        $sth->execute($new_category, $new_authorised_value);
         ($duplicate_entry) = $sth->fetchrow_array();
         unless ( $duplicate_entry ) {
             my $sth=$dbh->prepare( 'INSERT INTO authorised_values