Bug 17393: Fix non-Latin chars handling in self reg
If you fill the patron self reg with non-latin characters, they will be
encoded with HTML entities (é)
This bug leads to generate a userid with weird behaviors:
é => eacute
ł => x
Test plan:
0/ Do not apply the patch
1/ Set up the Self reg feature
2/ fill surname, fistname with something like "Michał pouéàç"
3/ Save
4/ See the bad encoding/replacement on the screen and look at the data
The accentued chars are replaced with their html representation and the
non-Latin chars with a 'x'
in the DB
5/ Apply this patch
6/ Repeat steps 2, 3
7/ Everything should be ok
8/ Try to make sure this HTML::Entities escape was not useful:
fill surname with "surname <script>alert("xss?")</script>"
Save and look at the data
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This commit is contained in:
parent
fbe75e66cc
commit
35de8aa1ef
1 changed files with 1 additions and 2 deletions
|
|
@ -20,7 +20,6 @@ use Modern::Perl;
|
|||
use CGI qw ( -utf8 );
|
||||
use Digest::MD5 qw( md5_base64 md5_hex );
|
||||
use String::Random qw( random_string );
|
||||
use HTML::Entities;
|
||||
|
||||
use C4::Auth;
|
||||
use C4::Output;
|
||||
|
|
@ -403,7 +402,7 @@ sub ParseCgiForBorrower {
|
|||
foreach ( $cgi->param ) {
|
||||
if ( $_ =~ '^borrower_' ) {
|
||||
my ($key) = substr( $_, 9 );
|
||||
$borrower{$key} = HTML::Entities::encode( $scrubber->scrub( scalar $cgi->param($_) ) );
|
||||
$borrower{$key} = $scrubber->scrub( scalar $cgi->param($_) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue