Bug 17393: Fix non-Latin chars handling in self reg
If you fill the patron self reg with non-Latin characters, they will be encoded with HTML entities (é). This bug leads to a userid being generated with weird results: é => eacute ł => x Test plan: 0/ Do not apply the patch 1/ Set up the Self reg feature 2/ fill surname, firstname with something like "Michał pouéàç" 3/ Save 4/ See the bad encoding/replacement on the screen and look at the data The accented chars are replaced with their html representation and the non-Latin chars with a 'x' in the DB 5/ Apply this patch 6/ Repeat steps 2, 3 7/ Everything should be ok 8/ Try to make sure this HTML::Entities escape was not useful: fill surname with "surname <script>alert("xss?")</script>" Save and look at the data Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
parent
fbe75e66cc
commit
35de8aa1ef
1 changed files with 1 additions and 2 deletions
|
@ -20,7 +20,6 @@ use Modern::Perl;
|
|||
use CGI qw ( -utf8 );
|
||||
use Digest::MD5 qw( md5_base64 md5_hex );
|
||||
use String::Random qw( random_string );
|
||||
use HTML::Entities;
|
||||
|
||||
use C4::Auth;
|
||||
use C4::Output;
|
||||
|
@ -403,7 +402,7 @@ sub ParseCgiForBorrower {
|
|||
foreach ( $cgi->param ) {
|
||||
if ( $_ =~ '^borrower_' ) {
|
||||
my ($key) = substr( $_, 9 );
|
||||
$borrower{$key} = HTML::Entities::encode( $scrubber->scrub( scalar $cgi->param($_) ) );
|
||||
$borrower{$key} = $scrubber->scrub( scalar $cgi->param($_) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
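Review bot: With `HTML::Entities::encode` dropped, the new assignment `$borrower{$key} = $scrubber->scrub( scalar $cgi->param($_) );` leaves the scrubber as the only sanitising step on these values, and `$scrubber` is built outside this hunk, so what it strips cannot be confirmed from here. Storing the text unescaped and escaping at output is the sounder design, but it means every place that later prints these self-registration fields has to escape them itself; step 8 of the test plan exercises only a `<script>` tag, not a quote or ampersand that ends up inside an attribute value. I would record that contract above the line, e.g. `# Stored unescaped on purpose (bug 17393): escape at output time, not here.`, and confirm that the templates rendering these fields apply HTML escaping. ParseCgiForBorrower starts and ends outside the hunk.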