bug 1953: Reduce risk of possible tainted supplierid call to C4::Serials::GetLateIssues
authorMJ Ray <mjr@phonecoop.coop>
Fri, 25 Feb 2011 13:26:20 +0000 (08:26 -0500)
committerChris Cormack <chrisc@catalyst.net.nz>
Sat, 26 Feb 2011 07:02:25 +0000 (20:02 +1300)
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
C4/Serials.pm

index 5e2fa22..da0f4bd 100644 (file)
@@ -125,10 +125,11 @@ sub GetLateIssues {
             LEFT JOIN  biblio ON biblio.biblionumber = subscription.biblionumber
             LEFT JOIN  aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id
             WHERE      ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3)
-            AND        subscription.aqbooksellerid=$supplierid
+            AND        subscription.aqbooksellerid=?
             ORDER BY   title
         |;
         $sth = $dbh->prepare($query);
+        $sth->execute($supplierid);
     } else {
         my $query = qq|
             SELECT     name,title,planneddate,serialseq,serial.subscriptionid
@@ -140,8 +141,8 @@ sub GetLateIssues {
             ORDER BY   title
         |;
         $sth = $dbh->prepare($query);
+        $sth->execute;
     }
-    $sth->execute;
     my @issuelist;
     my $last_title;
     my $odd   = 0;
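Review bot: The bound `$supplierid` at the new `$sth->execute($supplierid)` line removes the SQL interpolation, but nothing in the hunk constrains the value itself; the branch above (outside the hunk, GetLateIssues starts and ends outside both hunks) presumably only tests that `$supplierid` is set, so a non-numeric string still reaches MySQL and is compared against the integer aqbooksellerid column by coercion. A guard near the top of the function, `return unless $supplierid =~ /\A\d+\z/;` (or a `die` with a message, whichever matches the file's error style), would make the numeric contract explicit and keep the parameterisation from being the only line of defence. Neither `execute` call checks its return value, which is only acceptable if the `$dbh` from C4::Context has RaiseError enabled — I can't confirm that from the hunk. Since the second hunk now gives the else branch its own `$sth->execute;`, the two branches differ only in the WHERE clause and bind list, so a short comment above the first execute, `# bind supplierid only in the supplier-filtered query`, would save the next reader from hunting for why one call binds and the other does not.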