From 18e10f100774dfc87cbcaf9e1ebbd28ab9b63de0 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 17 Mar 2021 10:14:43 +0100
Subject: [PATCH] Bug 27933: Fix patron search result ordering

On bug 27715 we restrict the order by dt params for security reasons.
However in some cases the param passed is "columnname" instead of
"table.columnname".
We should make sure the table is part of the sort fieldname.

Test plan:
Do a "normal" patron search (from the patrons home page) and another
patron search (guarantor for instance).
Sort by cardnumber, date of birth, expiration date, asc, desc and
confirm it works as expected.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1b32e66380d5d7701b3f252e8d2be1cbf1622388)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 .../prog/en/modules/common/patron_search.tt              | 9 +++++++++
 .../intranet-tmpl/prog/en/modules/members/member.tt      | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
index ef285dd0ed..1772d97f3e 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
@@ -153,6 +153,15 @@
                     },{
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
+                    },{
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
+                        'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
index 1d2609b0ac..32ea450f76 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
@@ -398,8 +398,14 @@
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
                     },{
-                        'name': 'dateofbirth',
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
                         'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
-- 
2.39.5