X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=admin%2Fauth_tag_structure.pl;h=bd3dc93f77e4bc926f7142096bd754e4f8484c30;hb=1e255e93eb4e3532ad69d1291c9c0b96b21ee8d9;hp=b6ae347271797e31951bfbe4884ea25ba0c5f380;hpb=28d9f9a39885be95dc186d4dac9d16b407593dc0;p=koha_fer

diff --git a/admin/auth_tag_structure.pl b/admin/auth_tag_structure.pl
index b6ae347271..bd3dc93f77 100755
--- a/admin/auth_tag_structure.pl
+++ b/admin/auth_tag_structure.pl
@@ -55,15 +55,14 @@ my ($template, $loggedinuser, $cookie)
 			     });
 
 # get authtype list
-my $authtypes = getauthtypes;
-my @authtypesloop;
-foreach my $thisauthtype (keys %$authtypes) {
-	my $selected = 1 if $thisauthtype eq $authtypecode;
-	my %row =(value => $thisauthtype,
-				selected => $selected,
-				authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
-			);
-	push @authtypesloop, \%row;
+my $authtypes     = getauthtypes;
+my @authtypesloop = ();
+foreach my $thisauthtype ( keys %{$authtypes} ) {
+    push @authtypesloop,
+      { value        => $thisauthtype,
+        selected     => $thisauthtype eq $authtypecode,
+        authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
+      };
 }
 
 my $sth;
@@ -120,13 +119,13 @@ if ($op eq 'add_form') {
 	if ($searchfield) {
 		$template->param(action => "Modify tag",
 								searchfield => "<input type=\"hidden\" name=\"tagfield\" value=\"$searchfield\" />$searchfield");
-		$template->param('heading-modify-tag-p' => 1);
+		$template->param('heading_modify_tag_p' => 1);
 	} else {
 		$template->param(action => "Add tag",
 								searchfield => "<input type=\"text\" name=\"tagfield\" size=\"5\" maxlength=\"3\" />");
-		$template->param('heading-add-tag-p' => 1);
+		$template->param('heading_add_tag_p' => 1);
 	}
-	$template->param('use-heading-flags-p' => 1);
+	$template->param('use_heading_flags_p' => 1);
 	$template->param(liblibrarian => $data->{'liblibrarian'},
 							libopac => $data->{'libopac'},
 							repeatable => "".$data->{'repeatable'},
@@ -188,9 +187,10 @@ if ($op eq 'add_form') {
 # called by delete_confirm, used to effectively confirm deletion of data in DB
 } elsif ($op eq 'delete_confirmed') {
 	unless (C4::Context->config('demo') eq 1) {
-		$dbh->do("delete from auth_tag_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
-		$dbh->do("delete from auth_subfield_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
-        # FIXME: Secuity vulnerability -- use placeholders, prepare and execute!
+		my $sth = $dbh->prepare("delete from auth_tag_structure where tagfield=? and authtypecode=?");
+		$sth->execute($searchfield,$authtypecode);
+		my $sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");
+		$sth->execute($searchfield,$authtypecode);
 	}
     print "Content-Type: text/html\n\n<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=auth_tag_structure.pl?searchfield=".$input->param('tagfield')."&authtypecode=$authtypecode\">";
     exit;