Bug 32457: Fix CGI vulnerability in addorder.pl

Test plan:
Go to acqui/addorder.pl.
Create two items.
Check if results still match your expectations.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

diff --git a/acqui/addorder.pl b/acqui/addorder.pl
index 147d168..25fd4b3 100755 (executable)
--- a/acqui/addorder.pl
+++ b/acqui/addorder.pl
@@ -190,7 +190,7 @@ unless($confirm_budget_exceeding) {
         foreach (keys %$vars) {
             push @vars_loop, {
                 name => $_,
-                values => [$input->param($_)],
+                values => [ $input->multi_param($_) ],
             };
         }