X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=circ%2Fysearch.pl;h=f8fc52a88572a536415601df1e48d80075b60967;hb=826eda9d7045e970e6989fef7feb5f013e81e675;hp=e3bc26798a8057e77cb10429addf56448696eecf;hpb=82b8c496fdb642d678aed4499b2fceb739e65e64;p=koha_gimpoz

diff --git a/circ/ysearch.pl b/circ/ysearch.pl
index e3bc26798a..f8fc52a885 100755
--- a/circ/ysearch.pl
+++ b/circ/ysearch.pl
@@ -15,9 +15,9 @@
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA  02111-1307 USA
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 =head1 ysearch.pl
 
@@ -25,29 +25,38 @@
 =cut
 
 use strict;
+#use warnings; FIXME - Bug 2505
 use CGI;
 use C4::Context;
+use C4::Auth qw/check_cookie_auth/;
 
 my $input   = new CGI;
 my $query   = $input->param('query');
 
-# FIXME: charset should be UTF-8 but borrowers table is still ISO-8859-1
-print $input->header(-type => 'text/plain', -charset => 'ISO-8859-1');
+binmode STDOUT, ":utf8";
+print $input->header(-type => 'text/plain', -charset => 'UTF-8');
+
+my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { circulate => '*' });
+if ($auth_status ne "ok") {
+    exit 0;
+}
 
 my $dbh = C4::Context->dbh;
-$query = "SELECT surname, firstname, cardnumber, address, city, zipcode ".
-            "FROM borrowers " .
-            "WHERE surname LIKE '". $query . "%' " .
-            "OR firstname LIKE '" . $query . "%' " .
-            #"OR cardnumber LIKE '" . $query . "%' " .
-            "ORDER BY surname, firstname ";
-my $sth = $dbh->prepare( $query );
-$sth->execute();
+my $sql = qq(SELECT surname, firstname, cardnumber, address, city, zipcode, country 
+             FROM borrowers 
+             WHERE surname LIKE ?
+             OR firstname LIKE ?
+             OR cardnumber LIKE ?
+             ORDER BY surname, firstname);
+my $sth = $dbh->prepare( $sql );
+$sth->execute("$query%", "$query%", "$query%");
+
 while ( my $rec = $sth->fetchrow_hashref ) {
     print $rec->{surname} . ", " . $rec->{firstname} . "\t" .
           $rec->{cardnumber} . "\t" .
           $rec->{address} . "\t" .
           $rec->{city} . "\t" .
-          $rec->{zip} .
+          $rec->{zip} . "\t" .
+          $rec->{country} .
           "\n";
 }