Browse Source

Bug 27933: Fix patron search result ordering

On bug 27715 we restrict the order by dt params for security reasons.
However in some cases the param passed is "columnname" instead of
"table.columnname".
We should make sure the table is part of the sort fieldname.

Test plan:
Do a "normal" patron search (from the patrons home page) and another
patron search (guarantor for instance).
Sort by cardnumber, date of birth, expiration date, asc, desc and
confirm it works as expected.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
21.05.x
Jonathan Druart 2 years ago
parent
commit
1b32e66380
  1. 9
      koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
  2. 8
      koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

9
koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt

@ -153,6 +153,15 @@
},{
'name': 'name_sorton',
'value': 'borrowers.surname borrowers.firstname'
},{
'name': 'cardnumber_sorton',
'value': 'borrowers.cardnumber',
},{
'name': 'dateofbirth_sorton',
'value': 'borrowers.dateofbirth',
},{
'name': 'dateexpiry_sorton',
'value': 'borrowers.dateexpiry',
},{
'name': 'category_sorton',
'value': 'categories.description',

8
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

@ -398,8 +398,14 @@
'name': 'name_sorton',
'value': 'borrowers.surname borrowers.firstname'
},{
'name': 'dateofbirth',
'name': 'cardnumber_sorton',
'value': 'borrowers.cardnumber',
},{
'name': 'dateofbirth_sorton',
'value': 'borrowers.dateofbirth',
},{
'name': 'dateexpiry_sorton',
'value': 'borrowers.dateexpiry',
},{
'name': 'category_sorton',
'value': 'categories.description',

Loading…
Cancel
Save