From f61cb044721d2fe3594b3e92f5d8f7da56ac4d04 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Sat, 8 Jun 2019 14:45:33 -0500 Subject: [PATCH] Bug 22941: Do not return 500 if sortfield contain parenthesis Test plan: Hit /virtualshelves/shelves.pl?op=view&shelfnumber=1&sortfield=author( You must not get: Unmatched ( in regex; marked by <-- HERE in m/^author( <-- HERE $/ at /home/vagrant/kohaclone/virtualshelves/shelves.pl line 236 Signed-off-by: Mark Tompsett Signed-off-by: Martin Renvoize Signed-off-by: Martin Renvoize (cherry picked from commit f8db499f4a9c71e7a2ffef0fadaecddb938330d4) Signed-off-by: Fridolin Somers (cherry picked from commit 5a1a3f0161ae15536137454dc1affb1724e9b58b) Signed-off-by: Lucas Gass --- virtualshelves/shelves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virtualshelves/shelves.pl b/virtualshelves/shelves.pl index bd1c0d4654..44c7419eec 100755 --- a/virtualshelves/shelves.pl +++ b/virtualshelves/shelves.pl @@ -233,7 +233,7 @@ if ( $op eq 'view' ) { if ( $shelf ) { if ( $shelf->can_be_viewed( $loggedinuser ) ) { my $sortfield = $query->param('sortfield') || $shelf->sortfield || 'title'; # Passed in sorting overrides default sorting - $sortfield = 'title' unless grep {/^$sortfield$/}qw( title author copyrightdate itemcallnumber dateadded ); + $sortfield = 'title' unless grep $_ eq $sortfield, qw( title author copyrightdate itemcallnumber dateadded ); my $direction = $query->param('direction') || 'asc'; $direction = 'asc' if $direction ne 'asc' and $direction ne 'desc'; my ( $rows, $page ); -- 2.39.5