projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 5595 : Fixing a security glitch (please always use placeholders or
[koha.git] / C4 / Members / Attributes.pm
diff --git a/C4/Members/Attributes.pm b/C4/Members/Attributes.pm
index b89b03a..1db9424 100644 (file)
--- a/C4/Members/Attributes.pm
+++ b/C4/Members/Attributes.pm
@@ -102,16 +102,16 @@ sub GetBorrowerAttributes {
 
 sub SearchIdMatchingAttribute{
     my $filter = shift;
-       my $finalfilter=$$filter[0];
+    my $finalfilter=$filter->[0];
     my $dbh   = C4::Context->dbh();
     my $query = qq{
 SELECT borrowernumber
 FROM borrower_attributes
 JOIN borrower_attribute_types USING (code)
 WHERE staff_searchable = 1
-AND attribute like "%$finalfilter%"};
+AND attribute like ?};
     my $sth = $dbh->prepare_cached($query);
-    $sth->execute();
+    $sth->execute("%$finalfilter%");
     return $sth->fetchall_arrayref;
 }
 
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git