bug 5086: fix setting claim date

Also removed a locus for SQL injection.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Galen Charlton 2010-10-06 07:43:15 -04:00
parent 40d9995822
commit 27bb768cad


@ -287,10 +287,10 @@ sub UpdateClaimdateIssues {
my $dbh = C4::Context->dbh;
$date = strftime( "%Y-%m-%d", localtime ) unless ($date);
my $query = "
UPDATE serial SET claimdate=$date,status=7
WHERE serialid in (" . join( ",", @$serialids ) . ")";
UPDATE serial SET claimdate = ?, status = 7
WHERE serialid in (" . join( ",", map { '?' } @$serialids ) . ")";
my $rq = $dbh->prepare($query);
$rq->execute;
$rq->execute($date, @$serialids);
return $rq->rows;
}
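Review bot: An empty `@$serialids` still yields `WHERE serialid in ()` from the new `join( ",", map { '?' } @$serialids )` line, which is not valid SQL and would fail at prepare or execute time. A guard before the query is built, such as `return 0 unless $serialids && @$serialids;`, would avoid that; whether any caller can pass an empty list is not visible here, since the sub begins outside the hunk. The result of `$rq->execute($date, @$serialids)` is also not checked, so unless the handle has RaiseError set (not shown), a failed update would only surface as whatever `$rq->rows` reports. A short comment above the query, e.g. `# one placeholder per serial id; values are bound in execute(), never interpolated`, would record why the statement is built this way and discourage a later return to string interpolation.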