From f8db499f4a9c71e7a2ffef0fadaecddb938330d4 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Sat, 8 Jun 2019 14:45:33 -0500 Subject: [PATCH] Bug 22941: Do not return 500 if sortfield contain parenthesis Test plan: Hit /virtualshelves/shelves.pl?op=view&shelfnumber=1&sortfield=author( You must not get: Unmatched ( in regex; marked by <-- HERE in m/^author( <-- HERE $/ at /home/vagrant/kohaclone/virtualshelves/shelves.pl line 236 Signed-off-by: Mark Tompsett Signed-off-by: Martin Renvoize Signed-off-by: Martin Renvoize --- virtualshelves/shelves.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virtualshelves/shelves.pl b/virtualshelves/shelves.pl index 097607c7ee..5fddf374a4 100755 --- a/virtualshelves/shelves.pl +++ b/virtualshelves/shelves.pl @@ -234,7 +234,7 @@ if ( $op eq 'view' ) { if ( $shelf ) { if ( $shelf->can_be_viewed( $loggedinuser ) ) { my $sortfield = $query->param('sortfield') || $shelf->sortfield || 'title'; # Passed in sorting overrides default sorting - $sortfield = 'title' unless grep {/^$sortfield$/}qw( title author copyrightdate itemcallnumber dateadded ); + $sortfield = 'title' unless grep $_ eq $sortfield, qw( title author copyrightdate itemcallnumber dateadded ); my $direction = $query->param('direction') || 'asc'; $direction = 'asc' if $direction ne 'asc' and $direction ne 'desc'; my ( $rows, $page ); -- 2.39.5