From b17f7ec7c1c838a2aad84012ae4ee3de5e1b34ed Mon Sep 17 00:00:00 2001
From: Aleisha Amohia <aleishaamohia@hotmail.com>
Date: Tue, 5 Sep 2017 22:42:14 +0000
Subject: [PATCH] Bug 19258: Prevent warn when reversing a payment

The following warn is triggered when I click the Reverse button next to
an individual payment on the Account tab:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line
63, this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at /usr/share/perl5/CGI.pm
line 436.

To test:
1) Go to a members detail page in staff side, create a manual invoice,
pay it
2) Go to the Account tab, click Reverse next to the payment you just
made
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b56c19528e332381384639ed347d11508086c547)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 members/boraccount.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/members/boraccount.pl b/members/boraccount.pl
index 4f8ddf04b0..1447335c5b 100755
--- a/members/boraccount.pl
+++ b/members/boraccount.pl
@@ -57,7 +57,7 @@ my $action = $input->param('action') || '';
 my $data=GetMember('borrowernumber' => $borrowernumber);
 
 if ( $action eq 'reverse' ) {
-  ReversePayment( $input->param('accountlines_id') );
+  ReversePayment( scalar $input->param('accountlines_id') );
 }
 
 if ( $data->{'category_type'} eq 'C') {
-- 
2.39.5