Bug 21460: (follow-up) Filter params in .pl

[koha.git] / ill / ill-requests.pl

diff --git a/ill/ill-requests.pl b/ill/ill-requests.pl
index 45f99c2..57b0692 100755 (executable)
--- a/ill/ill-requests.pl
+++ b/ill/ill-requests.pl
@@ -30,6 +30,7 @@ use Koha::Libraries;
 use Koha::Token;
 
 use Try::Tiny;
+use URI::Escape;
 
 our $cgi = CGI->new;
 my $illRequests = Koha::Illrequests->new;
@@ -270,18 +271,24 @@ if ( $backends_available ) {
 
         # If we receive a pre-filter, make it available to the template
         my $possible_filters = ['borrowernumber'];
-        my $active_filters = [];
+        my $active_filters = {};
         foreach my $filter(@{$possible_filters}) {
             if ($params->{$filter}) {
-                push @{$active_filters}, "$filter=$params->{$filter}";
+                # We shouldn't need to escape $filter here since we're using
+                # a whitelist, but just to be sure...
+                $active_filters->{uri_escape_utf8($filter)} =
+                    uri_escape_utf8(scalar $params->{$filter});
             }
         }
-        if (scalar @{$active_filters} > 0) {
-            $template->param(
-                prefilters => join(",", @{$active_filters})
-            );
+        if (keys %{$active_filters}) {
+            my @tpl_arr;
+            foreach my $key (keys %{$active_filters}) {
+                push @tpl_arr, $key . "=" . $active_filters->{$key};
+            }
         }
-
+        $template->param(
+            prefilters => join("&", @tpl_arr)
+        );
     } elsif ( $op eq "save_comment" ) {
         die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
            session_id => scalar $cgi->cookie('CGISESSID'),