From f7cbe522892217e9db0e5c509fd6f991714cf1ad Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Wed, 17 Mar 2021 10:14:43 +0100
Subject: [PATCH] Bug 27933: Fix patron search result ordering

On bug 27715 we restrict the order by dt params for security reasons.
However in some cases the param passed is "columnname" instead of
"table.columnname".
We should make sure the table is part of the sort fieldname.

Test plan:
Do a "normal" patron search (from the patrons home page) and another
patron search (guarantor for instance).
Sort by cardnumber, date of birth, expiration date, asc, desc and
confirm it works as expected.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1b32e66380d5d7701b3f252e8d2be1cbf1622388)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 18e10f100774dfc87cbcaf9e1ebbd28ab9b63de0)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
---
 .../prog/en/modules/common/patron_search.tt              | 9 +++++++++
 .../intranet-tmpl/prog/en/modules/members/member.tt      | 8 +++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
index 2590a50133..a86dd2237a 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/common/patron_search.tt
@@ -153,6 +153,15 @@
                     },{
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
+                    },{
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
+                        'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
index 209932b7a6..8da8537c5e 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt
@@ -398,8 +398,14 @@
                         'name': 'name_sorton',
                         'value': 'borrowers.surname borrowers.firstname'
                     },{
-                        'name': 'dateofbirth',
+                        'name': 'cardnumber_sorton',
+                        'value': 'borrowers.cardnumber',
+                    },{
+                        'name': 'dateofbirth_sorton',
                         'value': 'borrowers.dateofbirth',
+                    },{
+                        'name': 'dateexpiry_sorton',
+                        'value': 'borrowers.dateexpiry',
                     },{
                         'name': 'category_sorton',
                         'value': 'categories.description',
-- 
2.39.5