From 133b17036b686db7426500fd5a3a57a658a82b75 Mon Sep 17 00:00:00 2001
From: Aleisha Amohia <aleisha@catalyst.net.nz>
Date: Thu, 8 Aug 2024 23:53:47 +0000
Subject: [PATCH] Bug 37508: (follow-up) Don't pass the column or sql
 containing password

This patch replaces these variables with a non-translatable message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 C4/Reports/Guided.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm
index 2bbccff3a3..481eb0962e 100644
--- a/C4/Reports/Guided.pm
+++ b/C4/Reports/Guided.pm
@@ -625,12 +625,12 @@ sub execute_query {
     return ( $sth, { queryerr => $sth->errstr } ) if ( $sth->err );
 
     if ( $sql =~ m/password/ ) {
-        return ( $sth, { passworderr => $sql } );
+        return ( $sth, { passworderr => "Illegal column in SQL" } );
     }
 
     foreach my $column ( @{ $sth->{NAME_lc} } ) {
         if ( $column eq 'password' ) {
-            return ( $sth, { passworderr => $column } );
+            return ( $sth, { passworderr => "Illegal column in results" } );
         }
     }
 
-- 
2.39.5