projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ac66d22) | patch
Bug 3652: close XSS vulnerabilities on biblionumber and authid
authorJared Camins-Esakov <jcamins@cpbibliography.com>
Mon, 15 Oct 2012 15:45:38 +0000 (11:45 -0400)
committerPaul Poulain <paul.poulain@biblibre.com>
Wed, 24 Oct 2012 13:23:50 +0000 (15:23 +0200)
commit3739e6bd6722af35a9f3f55af0e889036e56010e
tree612ecc07c60acfc669486c9742ad98738dd3ce91tree | snapshot
parentac66d224add7324d08b0bdf86d1574e401280e41commit | diff
Bug 3652: close XSS vulnerabilities on biblionumber and authid

Previously we did not sanitize biblionumber and authids passed in by
the user.

To test:
1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a
   valid biblionumber for the 2).
2) Notice the presence of "2hi" on this page, and also on the ISBD and
   MARC views.
3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye
   (substituting a valid authid for the 2).
4) Notice the presence of "2bye" on this page.
3) Apply patch.
4) Notice that "2hi" and "2bye" strings are gone.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
opac/opac-ISBDdetail.pl diff | blob | history
opac/opac-MARCdetail.pl diff | blob | history
opac/opac-authoritiesdetail.pl diff | blob | history
opac/opac-detail.pl diff | blob | history
opac/opac-showmarc.pl diff | blob | history
Main Koha release repository