From a8bf8b00c4dd4b569bad65abdf18e23a807eaca7 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 17 Mar 2021 10:14:43 +0100
Subject: [PATCH] Bug 27933: Fix patron search result ordering

On bug 27715 we restrict the order by dt params for security reasons.
However in some cases the param passed is "columnname" instead of
"table.columnname".
We should make sure the table is part of the sort fieldname.

Test plan:
Do a "normal" patron search (from the patrons home page) and another
patron search (guarantor for instance).
Sort by cardnumber, date of birth, expiration date, asc, desc and
confirm it works as expected.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1b32e66380d5d7701b3f252e8d2be1cbf1622388)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 18e10f100774dfc87cbcaf9e1ebbd28ab9b63de0)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit f7cbe522892217e9db0e5c509fd6f991714cf1ad)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
---
 .../prog/en/modules/common/patron_search.tt              | 9 +++++++++
 .../intranet-tmpl/prog/en/modules/members/member.tt      | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
index d66c52686a..eaf9147c88 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
@@ -149,6 +149,15 @@
                     },{
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
+                    },{
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
+                        'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
index 3d79c56b3b..31c756c81d 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
@@ -435,8 +435,14 @@
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
                     },{
-                        'name': 'dateofbirth',
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
                         'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
-- 
2.20.1