From 74cdd57ecb28a3f6b443c70274528c1ae5daf352 Mon Sep 17 00:00:00 2001
From: MJ Ray
Date: Fri, 25 Feb 2011 08:26:20 -0500
Subject: [PATCH] bug 1953: Reduce risk of possible tainted supplierid call to C4::Serials::GetLateIssues

Signed-off-by: Galen Charlton
Signed-off-by: Chris Cormack
---
 C4/Serials.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/C4/Serials.pm b/C4/Serials.pm
index 5e2fa2235f..da0f4bda7c 100644
--- a/C4/Serials.pm
+++ b/C4/Serials.pm
@@ -125,10 +125,11 @@ sub GetLateIssues {
 LEFT JOIN biblio ON biblio.biblionumber = subscription.biblionumber
 LEFT JOIN aqbooksellers ON subscription.aqbooksellerid = aqbooksellers.id
 WHERE ((planneddate < now() AND serial.STATUS =1) OR serial.STATUS = 3)
- AND subscription.aqbooksellerid=$supplierid
+ AND subscription.aqbooksellerid=?
 ORDER BY title
 |;
 $sth = $dbh->prepare($query);
+ $sth->execute($supplierid);
 } else {
 my $query = qq|
 SELECT name,title,planneddate,serialseq,serial.subscriptionid
@@ -140,8 +141,8 @@ sub GetLateIssues {
 ORDER BY title
 |;
 $sth = $dbh->prepare($query);
+ $sth->execute;
 }
- $sth->execute;
 my @issuelist;
 my $last_title;
 my $odd = 0;
--
2.39.5
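Review bot: Binding `$supplierid` through the `?` placeholder removes the interpolation into the `WHERE ... aqbooksellerid=` line, which is the real injection hole, but nothing in the hunk validates the value, so under taint mode (which the subject line refers to) it is still tainted when it reaches `execute`, and a non-numeric value now silently matches no rows instead of failing. Assuming this branch is taken when `$supplierid` is set (the condition sits above the hunk), an explicit integer check before the query, e.g. `croak "Invalid supplierid" unless $supplierid =~ /^(\d+)$/; $supplierid = $1;`, would both reject junk early and untaint the value via the capture. The result of `$sth->execute($supplierid)` is also unchecked, which is only safe if the handle was opened with RaiseError, something not visible here. GetLateIssues starts before this hunk and continues past it.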
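Review bot: Moving `$sth->execute;` into the else branch duplicates the execute call in both arms, which is the kind of drift that lets the two branches fall out of step on error handling later. A single call after the if/else, with the bind values collected in the branch that needs them, keeps one execution path: declare `my @bind;` before the `if`, set `@bind = ($supplierid);` in the supplier branch, and keep one `$sth->execute(@bind);` where the removed line was. As a minor style point, the added `$sth->execute;` would read more clearly with parentheses, `$sth->execute();`, matching the call form used in the first branch. The enclosing function continues beyond the hunk.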