X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=admin%2Fauth_tag_structure.pl;h=bd3dc93f77e4bc926f7142096bd754e4f8484c30;hb=1f6ae97375038d222d9cfb2ced42188250bee460;hp=27c48e9bf271c9e35d2186d7cf505aea346aecc4;hpb=a8222aeeb1169d7b1939d1e64c319a16e3846e8c;p=koha.git
diff --git a/admin/auth_tag_structure.pl b/admin/auth_tag_structure.pl
index 27c48e9bf2..bd3dc93f77 100755
--- a/admin/auth_tag_structure.pl
+++ b/admin/auth_tag_structure.pl
@@ -55,15 +55,14 @@ my ($template, $loggedinuser, $cookie)
 });
 # get authtype list
-my $authtypes = getauthtypes;
-my @authtypesloop;
-foreach my $thisauthtype (keys %$authtypes) {
- my $selected = 1 if $thisauthtype eq $authtypecode;
- my %row =(value => $thisauthtype,
- selected => $selected,
- authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
- );
- push @authtypesloop, \%row;
+my $authtypes = getauthtypes;
+my @authtypesloop = ();
+foreach my $thisauthtype ( keys %{$authtypes} ) {
+ push @authtypesloop,
+ { value => $thisauthtype,
+ selected => $thisauthtype eq $authtypecode,
+ authtypetext => $authtypes->{$thisauthtype}->{'authtypetext'},
+ };
 }
 my $sth;
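Review bot: `keys %{$authtypes}` yields the authority types in hash order, so the order of entries in `@authtypesloop` can change between requests; `foreach my $thisauthtype ( sort keys %{$authtypes} ) {` makes the list stable. `getauthtypes` is also called as a bareword, which only parses if the sub is already imported or predeclared; `getauthtypes()` is safer.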
@@ -188,9 +187,10 @@ if ($op eq 'add_form') {
 # called by delete_confirm, used to effectively confirm deletion of data in DB
 } elsif ($op eq 'delete_confirmed') {
 unless (C4::Context->config('demo') eq 1) {
- $dbh->do("delete from auth_tag_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- $dbh->do("delete from auth_subfield_structure where tagfield='$searchfield' and authtypecode='$authtypecode'");
- # FIXME: Secuity vulnerability -- use placeholders, prepare and execute!
+ my $sth = $dbh->prepare("delete from auth_tag_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
+ my $sth = $dbh->prepare("delete from auth_subfield_structure where tagfield=? and authtypecode=?");
+ $sth->execute($searchfield,$authtypecode);
 }
 print "Content-Type: text/html\n\nparam('tagfield')."&authtypecode=$authtypecode\">";
 exit;
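Review bot: Both new statement handles are declared with `my $sth` inside the same `unless` block, so the second declaration masks the first (a "masks earlier declaration" warning under `use warnings`) and both shadow the file-level `my $sth;` visible at the end of the first hunk. Since neither delete returns rows, `$dbh->do("delete from auth_tag_structure where tagfield=? and authtypecode=?", undef, $searchfield, $authtypecode);` keeps the placeholders without a handle, and the same form works for `auth_subfield_structure`. Neither call's result is checked, so unless the database handle has RaiseError set (not visible here) a failed second delete would silently leave subfield rows behind. The `print` line just after the block, as far as the rendered text shows, still writes `$authtypecode` from the request into the response unescaped; that is outside this change but worth encoding in the same pass. The `elsif` branch starts and ends outside the hunk.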