From 6c3a3426709d9371bbe1037916d3937e9b03090b Mon Sep 17 00:00:00 2001
From: Aleisha Amohia <aleisha@catalyst.net.nz>
Date: Thu, 8 Aug 2024 23:53:47 +0000
Subject: [PATCH] Bug 37508: (follow-up) Don't pass the column or sql
 containing password

This patch replaces these variables with a non-translatable message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 C4/Reports/Guided.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm
index e75f8bbceb..20d74bb72c 100644
--- a/C4/Reports/Guided.pm
+++ b/C4/Reports/Guided.pm
@@ -616,12 +616,12 @@ sub execute_query {
     warn $@ if $@;
 
     if ( $sql =~ m/password/ ) {
-        return ( $sth, { passworderr => $sql } );
+        return ( $sth, { passworderr => "Illegal column in SQL" } );
     }
 
     foreach my $column ( @{ $sth->{NAME_lc} } ) {
         if ( $column eq 'password' ) {
-            return ( $sth, { passworderr => $column } );
+            return ( $sth, { passworderr => "Illegal column in results" } );
         }
     }
 
-- 
2.39.5