Bug 5595 : Fixing a security glitch (please always use placeholders or
dbh->quote and fixing the tests
parent
0ee0cc18b3
commit
8215cc8bad
2 changed files with 7 additions and 7 deletions
|
@ -102,16 +102,16 @@ sub GetBorrowerAttributes {
|
|||
|
||||
sub SearchIdMatchingAttribute{
|
||||
my $filter = shift;
|
||||
my $finalfilter=$$filter[0];
|
||||
my $finalfilter=$filter->[0];
|
||||
my $dbh = C4::Context->dbh();
|
||||
my $query = qq{
|
||||
SELECT borrowernumber
|
||||
FROM borrower_attributes
|
||||
JOIN borrower_attribute_types USING (code)
|
||||
WHERE staff_searchable = 1
|
||||
AND attribute like "%$finalfilter%"};
|
||||
AND attribute like ?};
|
||||
my $sth = $dbh->prepare_cached($query);
|
||||
$sth->execute();
|
||||
$sth->execute("%$finalfilter%");
|
||||
return $sth->fetchall_arrayref;
|
||||
}
|
||||
|
||||
|
|
|
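Review bot: The value bound in `$sth->execute("%$finalfilter%")` still carries any `%` or `_` the caller supplied, and an undefined or empty `$filter->[0]` binds `%%`, so the query then returns every borrowernumber that has a staff-searchable attribute. The placeholder closes the injection, but LIKE metacharacters are part of the data and binding does not neutralise them. If wildcard search is not intended here, return early on an empty filter and escape the metacharacters before binding, e.g. `return [] unless defined $finalfilter && length $finalfilter;` and `$finalfilter =~ s/([\\%_])/\\$1/g;` (backslash is the default LIKE escape on MySQL; confirm for the database in use). A short comment above the query stating that `$filter` is an array reference and that only its first element is used would also help callers.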
@ -39,13 +39,13 @@ is ($changedmember->{firstname}, "Marie", "Member Returned");
|
|||
|
||||
$member->{email}="Marie\@email.com";
|
||||
ModMember(%$member);
|
||||
my $searchemail=Search($member);
|
||||
is ($member->{email}, "Marie\@email.com", "Email search works");
|
||||
$changedmember=GetMemberDetails("","TESTCARD01");
|
||||
is ($changedmember->{email}, "Marie\@email.com", "Email Set works");
|
||||
|
||||
$member->{ethnicity}="German";
|
||||
ModMember(%$member);
|
||||
my $searcheth=Search($member);
|
||||
is ($member->{ethnicity}, "German", "Ethnicity Works");
|
||||
$changedmember=GetMemberDetails("","TESTCARD01");
|
||||
is ($changedmember->{ethnicity}, "German", "Ethnicity Works");
|
||||
|
||||
my @searchstring=("Mcknight");
|
||||
my ($results) = Search(\@searchstring,undef,undef,undef,["surname"]);
|
||||
|
|
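Review bot: Nothing in this test hunk exercises the quoting fix made to SearchIdMatchingAttribute: the visible assertions cover email, ethnicity and a surname search for "Mcknight", and none of them uses a search term containing a quote or a LIKE wildcard. A regression test would pass such a filter and check that the call returns an array reference instead of dying, e.g. `is (ref SearchIdMatchingAttribute(['a"b']), 'ARRAY', "quote in attribute filter is bound, not interpolated");`. Whether this test file imports that function is not visible on this page, and the rendering does not mark which of the visible lines are added, so this may belong in a different test file.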