Bug 26760: Escape URI parameters in redirect URI to paycollect.pl

Also remove useless '%.2f' formatting of amount and amountoutstanding Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2021-05-12 10:24:30 +02:00 · 2021-05-12 10:24:30 +02:00 · cb61aec240
commit cb61aec240
parent 5b40df23e3
1 changed files with 10 additions and 7 deletions
--- a/members/maninvoice.pl
+++ b/members/maninvoice.pl
@ -24,6 +24,7 @@

 use Modern::Perl;
 use Try::Tiny;
+use URI::Escape;

 use C4::Auth;
 use C4::Output;
@ -172,13 +173,15 @@ if ($add) {
            if ( $add eq 'save and pay' ) {
                my $url = sprintf(
                    '/cgi-bin/koha/members/paycollect.pl?borrowernumber=%s&pay_individual=1&debit_type_code=%s&amount=%s&amountoutstanding=%s&description=%s&itemnumber=%s&accountlines_id=%s',
-                    $borrowernumber,
-                    $line->debit_type_code,
-                    sprintf('%.2f', $line->amount),
-                    sprintf('%.2f', $line->amountoutstanding),
-                    $line->description,
-                    $line->itemnumber,
-                    $line->id
+                    map { uri_escape_utf8($_) } (
+                        $borrowernumber,
+                        $line->debit_type_code,
+                        $line->amount,
+                        $line->amountoutstanding,
+                        $line->description,
+                        $line->itemnumber,
+                        $line->id
+                    )
                );

                print $input->redirect($url);