Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

bug 1953: Reduce risk of possible tainted supplierid call to C4::Serials::GetLateIssues

Browse source 
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This commit is contained in:
MJ Ray 2011-02-25 08:26:20 -05:00 committed by Chris Cormack
parent 38b59b7b53
commit 74cdd57ecb
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
C4/Serials.pm
View file

@ -125,10 +125,11 @@ sub GetLateIssues {
LEFT JOIN biblio ON biblio.biblionumber = subscription.biblionumber LEFT JOIN biblio ON biblio.biblionumber = subscription.biblionumber
LEFT JOIN aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id LEFT JOIN aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id
WHERE ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3) WHERE ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3)
AND subscription.aqbooksellerid=$supplierid AND subscription.aqbooksellerid=?
ORDER BY title ORDER BY title
|; |;
$sth = $dbh->prepare($query); $sth = $dbh->prepare($query);
$sth->execute($supplierid);
} else { } else {
my $query = qq| my $query = qq|
SELECT name,title,planneddate,serialseq,serial.subscriptionid SELECT name,title,planneddate,serialseq,serial.subscriptionid
@ -140,8 +141,8 @@ sub GetLateIssues {
ORDER BY title ORDER BY title
|; |;
$sth = $dbh->prepare($query); $sth = $dbh->prepare($query);
$sth->execute;
} }
$sth->execute;
my @issuelist; my @issuelist;
my $last_title; my $last_title;
my $odd = 0; my $odd = 0;