From b389f9a361cf16c11f3678b8e42aa6eb1e91a930 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Tue, 13 Dec 2022 14:31:10 +0000
Subject: [PATCH] Bug 32457: Fix CGI vulnerability in addorder.pl

Test plan:
Go to acqui/addorder.pl.
Create two items.
Check if results still match your expectations.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 acqui/addorder.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acqui/addorder.pl b/acqui/addorder.pl
index 147d168050..25fd4b3109 100755
--- a/acqui/addorder.pl
+++ b/acqui/addorder.pl
@@ -190,7 +190,7 @@ unless($confirm_budget_exceeding) {
         foreach (keys %$vars) {
             push @vars_loop, {
                 name => $_,
-                values => [$input->param($_)],
+                values => [ $input->multi_param($_) ],
             };
         }
 
-- 
2.20.1