Bug 32457: Fix CGI vulnerability in addorder.pl

Test plan: Go to acqui/addorder.pl. Create two items. Check if results still match your expectations. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> (cherry picked from commit b389f9a361) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> (cherry picked from commit 427d0b32e9) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2022-12-13 14:31:10 +00:00 · 2022-12-13 14:31:10 +00:00 · fc980aed31
commit fc980aed31
parent 2c4f0357c4
1 changed files with 1 additions and 1 deletions
--- a/acqui/addorder.pl
+++ b/acqui/addorder.pl
@ -181,7 +181,7 @@ unless($confirm_budget_exceeding) {
        foreach (keys %$vars) {
            push @vars_loop, {
                name => $_,
-                values => [$input->param($_)],
+                values => [ $input->multi_param($_) ],
            };
        }