From 1b32e66380d5d7701b3f252e8d2be1cbf1622388 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 17 Mar 2021 10:14:43 +0100 Subject: [PATCH] Bug 27933: Fix patron search result ordering On bug 27715 we restrict the order by dt params for security reasons. However in some cases the param passed is "columnname" instead of "table.columnname". We should make sure the table is part of the sort fieldname. Test plan: Do a "normal" patron search (from the patrons home page) and another patron search (guarantor for instance). Sort by cardnumber, date of birth, expiration date, asc, desc and confirm it works as expected. Signed-off-by: Owen Leonard Signed-off-by: Martin Renvoize --- .../prog/en/modules/common/patron_search.tt | 9 +++++++++ .../intranet-tmpl/prog/en/modules/members/member.tt | 8 +++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt index ef285dd0ed..1772d97f3e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt @@ -153,6 +153,15 @@ },{ 'name': 'name_sorton', 'value': 'borrowers.surname borrowers.firstname' + },{ + 'name': 'cardnumber_sorton', + 'value': 'borrowers.cardnumber', + },{ + 'name': 'dateofbirth_sorton', + 'value': 'borrowers.dateofbirth', + },{ + 'name': 'dateexpiry_sorton', + 'value': 'borrowers.dateexpiry', },{ 'name': 'category_sorton', 'value': 'categories.description', diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt index 2ab9c823a2..f039dd2375 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt @@ -398,8 +398,14 @@ 'name': 'name_sorton', 'value': 'borrowers.surname borrowers.firstname' },{ - 'name': 'dateofbirth', + 'name': 'cardnumber_sorton', + 'value': 'borrowers.cardnumber', + },{ + 'name': 'dateofbirth_sorton', 'value': 'borrowers.dateofbirth', + },{ + 'name': 'dateexpiry_sorton', + 'value': 'borrowers.dateexpiry', },{ 'name': 'category_sorton', 'value': 'categories.description', -- 2.39.5