From 3e31200f29b7c26a2d0e1d0fa311fc1bdcc70cb3 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 11 Jun 2019 09:24:28 -0500 Subject: [PATCH] Bug 23093: (bug 22318 follow-up) Use placeholders in query moving OpacNavRight Placeholders must be used (!) in all SQL queries. Test plan: 1/ % git checkout 0c95e22afe13349b60d134217fce6718bfa9727f # commit before bug 22318 2/ Edit the pref OpacNavRight with something with " just a " and more ' 3/ git checkout master 4/ restart_all 5/ run updatedatabase.pl => Boom and the content of the pref has been lost 6/ Repeat 1 to 3 7/ Apply this patch 8/ run updatedatabase.pl => The pref has been correctly moved to opac_news Signed-off-by: Mark Tompsett Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize (cherry picked from commit 18f2074f8df8598527ae8e126c4efc7f3be000e0) Signed-off-by: Fridolin Somers --- installer/data/mysql/updatedatabase.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl index db6efb6a77..fb0fe3efcf 100755 --- a/installer/data/mysql/updatedatabase.pl +++ b/installer/data/mysql/updatedatabase.pl @@ -18217,7 +18217,7 @@ if( CheckVersion( $DBversion ) ) { |); if( $OpacNavRight ){ # If there is a value in the OpacNavRight preference, insert it into opac_news - $dbh->do("INSERT INTO opac_news (branchcode, lang, title, content ) VALUES (NULL, 'OpacNavRight_$langs[0]', '', '$OpacNavRight')"); + $dbh->do("INSERT INTO opac_news (branchcode, lang, title, content ) VALUES (NULL, ?, '', ?)", undef, "OpacNavRight_$langs[0]", $OpacNavRight); } # Remove the OpacNavRight system preference $dbh->do("DELETE FROM systempreferences WHERE variable='OpacNavRight'"); -- 2.39.5