X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=admin%2Fauth_tag_structure.pl;h=906f8d3e82449f0aaf3ddac7f297db26dfa84fea;hb=2614e07e1e2e6386b5f91e65f127940072e54d4d;hp=b6ae347271797e31951bfbe4884ea25ba0c5f380;hpb=574f613a1dfadfcd7c025139e6a63b1b1a0f729c;p=koha_fer
diff --git a/admin/auth_tag_structure.pl b/admin/auth_tag_structure.pl
index b6ae347271..906f8d3e82 100755
--- a/admin/auth_tag_structure.pl
+++ b/admin/auth_tag_structure.pl
@@ -50,20 +50,19 @@ my ($template, $loggedinuser, $cookie)
query => $input,
type => "intranet",
authnotrequired => 0,
- flagsrequired => {parameters => 1},
+ flagsrequired => {parameters => 'parameters_remaining_permissions'},
debug => 1,
});
# get authtype list
-my $authtypes = getauthtypes;
-my @authtypesloop;
-foreach my $thisauthtype (keys %$authtypes) {
- my $selected = 1 if $thisauthtype eq $authtypecode;
- my %row =(value => $thisauthtype,
- selected => $selected,
- authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
- );
- push @authtypesloop, \%row;
+my $authtypes = getauthtypes;
+my @authtypesloop = ();
+foreach my $thisauthtype ( keys %{$authtypes} ) {
+ push @authtypesloop,
+ { value => $thisauthtype,
+ selected => $thisauthtype eq $authtypecode,
+ authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
+ };
}
my $sth;
@@ -120,13 +119,13 @@ if ($op eq 'add_form') {
if ($searchfield) {
$template->param(action => "Modify tag",
searchfield => "$searchfield");
- $template->param('heading-modify-tag-p' => 1);
+ $template->param('heading_modify_tag_p' => 1);
} else {
$template->param(action => "Add tag",
searchfield => "");
- $template->param('heading-add-tag-p' => 1);
+ $template->param('heading_add_tag_p' => 1);
}
- $template->param('use-heading-flags-p' => 1);
+ $template->param('use_heading_flags_p' => 1);
$template->param(liblibrarian => $data->{'liblibrarian'},
libopac => $data->{'libopac'},
repeatable => "".$data->{'repeatable'},
@@ -188,9 +187,10 @@ if ($op eq 'add_form') {
# called by delete_confirm, used to effectively confirm deletion of data in DB
} elsif ($op eq 'delete_confirmed') {
unless (C4::Context->config('demo') eq 1) {
- $dbh->do("delete from auth_tag_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- $dbh->do("delete from auth_subfield_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- # FIXME: Secuity vulnerability -- use placeholders, prepare and execute!
+ my $sth = $dbh->prepare("delete from auth_tag_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
+ my $sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
}
print "Content-Type: text/html\n\nparam('tagfield')."&authtypecode=$authtypecode\">";
exit;