From 4dc7c32a3db11db2a3862e4979e62db23b2a208c Mon Sep 17 00:00:00 2001
From: Kyle M Hall
Date: Mon, 30 Jan 2017 12:12:08 +0000
Subject: [PATCH] Revert "Bug 17902: Fix possible SQL injection in serials editing"
This reverts commit 904716f581102887c27d5bfc727430564cc12284.
Signed-off-by: Kyle M Hall
---
C4/Serials.pm | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/C4/Serials.pm b/C4/Serials.pm
index d1f92993bd..543b1dceb0 100644
--- a/C4/Serials.pm
+++ b/C4/Serials.pm
@@ -739,20 +739,19 @@ sub GetSerials2 { return unless ($subscription and @$statuses); + my $statuses_string = join ',', @$statuses; + my $dbh = C4::Context->dbh; - my $query = q| + my $query = qq| SELECT serialid,serialseq, status, planneddate, publisheddate, publisheddatetext, notes, routingnotes FROM serial - WHERE subscriptionid=? - | - . q| AND status IN (| . join( ",", ('?') x @$statuses ) . ")" . q|)| - . q| + WHERE subscriptionid=$subscription AND status IN ($statuses_string) ORDER BY publisheddate,serialid DESC - |; + |; $debug and warn "GetSerials2 query: $query"; my $sth = $dbh->prepare($query); - $sth->execute( $subscription, @$statuses ); + $sth->execute; my @serials; while ( my $line = $sth->fetchrow_hashref ) {
--
2.39.2
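Review bot: The restored `qq|` query in GetSerials2 interpolates `$subscription` and `$statuses_string` straight into the SQL and calls `$sth->execute` with no bind values, so any caller that passes request-derived values reintroduces the injection that Bug 17902 closed; the only guard visible is the truthiness check on the first line of the hunk. The removed placeholder version seems to have emitted one closing parenthesis too many (`. ")" . q|)|`), which is presumably why it was reverted, though the commit message does not say. Rather than reverting, keep the placeholders and drop the stray parenthesis: `. q| AND status IN (| . join( ",", ('?') x @$statuses ) . q|)|` with `$sth->execute( $subscription, @$statuses );`. The `$debug and warn` line would then log only the query template, not caller-supplied values. GetSerials2 starts before and continues past this hunk, so how callers validate these arguments is not visible here.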