From 6c3a3426709d9371bbe1037916d3937e9b03090b Mon Sep 17 00:00:00 2001 From: Aleisha Amohia Date: Thu, 8 Aug 2024 23:53:47 +0000 Subject: [PATCH] Bug 37508: (follow-up) Don't pass the column or sql containing password This patch replaces these variables with a non-translatable message. Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- C4/Reports/Guided.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm index e75f8bbceb..20d74bb72c 100644 --- a/C4/Reports/Guided.pm +++ b/C4/Reports/Guided.pm @@ -616,12 +616,12 @@ sub execute_query { warn $@ if $@; if ( $sql =~ m/password/ ) { - return ( $sth, { passworderr => $sql } ); + return ( $sth, { passworderr => "Illegal column in SQL" } ); } foreach my $column ( @{ $sth->{NAME_lc} } ) { if ( $column eq 'password' ) { - return ( $sth, { passworderr => $column } ); + return ( $sth, { passworderr => "Illegal column in results" } ); } } -- 2.39.5