From 133b17036b686db7426500fd5a3a57a658a82b75 Mon Sep 17 00:00:00 2001 From: Aleisha Amohia Date: Thu, 8 Aug 2024 23:53:47 +0000 Subject: [PATCH] Bug 37508: (follow-up) Don't pass the column or sql containing password This patch replaces these variables with a non-translatable message. Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- C4/Reports/Guided.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/C4/Reports/Guided.pm b/C4/Reports/Guided.pm index 2bbccff3a3..481eb0962e 100644 --- a/C4/Reports/Guided.pm +++ b/C4/Reports/Guided.pm @@ -625,12 +625,12 @@ sub execute_query { return ( $sth, { queryerr => $sth->errstr } ) if ( $sth->err ); if ( $sql =~ m/password/ ) { - return ( $sth, { passworderr => $sql } ); + return ( $sth, { passworderr => "Illegal column in SQL" } ); } foreach my $column ( @{ $sth->{NAME_lc} } ) { if ( $column eq 'password' ) { - return ( $sth, { passworderr => $column } ); + return ( $sth, { passworderr => "Illegal column in results" } ); } } -- 2.39.5