Revert "Bug 17902: Fix possible SQL injection in serials editing"

This reverts commit 8924439054.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle Hall 2017-01-30 11:52:56 +00:00
parent 8924439054
commit e2d1bafa22


@ -739,20 +739,19 @@ sub GetSerials2 {
return unless ($subscription and @$statuses);
my $statuses_string = join ',', @$statuses;
my $dbh = C4::Context->dbh;
my $query = q|
my $query = qq|
SELECT serialid,serialseq, status, planneddate, publisheddate,
publisheddatetext, notes, routingnotes
FROM serial
WHERE subscriptionid=?
|
. q| AND status IN (| . join( ",", ('?') x @$statuses ) . ")" . q|)|
. q|
WHERE subscriptionid=$subscription AND status IN ($statuses_string)
ORDER BY publisheddate,serialid DESC
|;
|;
$debug and warn "GetSerials2 query: $query";
my $sth = $dbh->prepare($query);
$sth->execute( $subscription, @$statuses );
$sth->execute;
my @serials;
while ( my $line = $sth->fetchrow_hashref ) {