From e2821c7962ca7594f029f4c7fdb0c2f70028eb9b Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Tue, 7 Nov 2023 13:57:42 +0100
Subject: [PATCH] Bug 35276: Remove authentication params from suggestion hash

These would be forwarded to Koha::Objects->as_list and crash on
unknown column.

Test plan:
Logout from staff.
Enter URL /suggestion/suggestion.pl
Without this patch, it crashes. Now it does not.

Note: The crash may show auth_forwarded_hash but I also saw
koha_login_context passing by. Same issue.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 suggestion/suggestion.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/suggestion/suggestion.pl b/suggestion/suggestion.pl
index 93dc9734ef..cb6da835f3 100755
--- a/suggestion/suggestion.pl
+++ b/suggestion/suggestion.pl
@@ -108,7 +108,9 @@ my $columns = ' '.join(' ', $schema->source('Suggestion')->columns).' ';
 my $suggestion_only = { map { $columns =~ / $_ / ? ($_ => $suggestion_ref->{$_}) : () } keys %$suggestion_ref };
 $suggestion_only->{STATUS} = $suggestion_ref->{STATUS};
 
-delete $$suggestion_ref{$_} foreach qw( suggestedbyme op displayby tabcode notify filter_archived );
+delete $$suggestion_ref{$_}
+    foreach
+    qw( suggestedbyme op displayby tabcode notify filter_archived koha_login_context auth_forwarded_hash password userid );
 foreach (keys %$suggestion_ref){
     delete $$suggestion_ref{$_} if (!$$suggestion_ref{$_} && ($op eq 'else' ));
 }
-- 
2.20.1