Bug 3652: close XSS vulnerabilities on biblionumber and authid
Previously we did not sanitize biblionumber and authids passed in by the user. To test: 1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a valid biblionumber for the 2). 2) Notice the presence of "2hi" on this page, and also on the ISBD and MARC views. 3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye (substituting a valid authid for the 2). 4) Notice the presence of "2bye" on this page. 5) Apply patch. 6) Notice that the "2hi" and "2bye" strings are gone. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This commit is contained in:
parent
ac66d224ad
commit
3739e6bd67
5 changed files with 7 additions and 2 deletions
|
@ -66,7 +66,8 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
my $biblionumber = $query->param('biblionumber');
|
my $biblionumber = $query->param('biblionumber') || $query->param('bib');
|
||||||
|
$biblionumber = int($biblionumber);
|
||||||
|
|
||||||
# get biblionumbers stored in the cart
|
# get biblionumbers stored in the cart
|
||||||
my @cart_list;
|
my @cart_list;
|
||||||
|
|
|
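Review bot: `$biblionumber = int($biblionumber);` coerces rather than validates: `2hi` becomes `2`, and a missing or wholly non-numeric parameter becomes `0`, in each case with an "isn't numeric" or "uninitialized value" warning under `use warnings`, so the script goes on to look up a record the user did not ask for instead of refusing the request. An anchored match keeps the XSS fix and makes the rejection explicit, e.g. `$biblionumber = ( defined $biblionumber && $biblionumber =~ m/\A(\d+)\z/ ) ? $1 : undef;`, with an undef value sent to the 404 redirect before any lookup. The same `int()` coercion is added in the hunks at `@ -67,6 +67,7` (`$authid`), `@ -69,6 +69,7` and `@ -44,6 +44,7`, and the same remark applies there. The hunk opens inside the closing `)` of a `get_template_and_user` call that starts before it.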
@ -57,10 +57,11 @@ my $query = new CGI;
|
||||||
|
|
||||||
my $dbh = C4::Context->dbh;
|
my $dbh = C4::Context->dbh;
|
||||||
|
|
||||||
my $biblionumber = $query->param('biblionumber');
|
my $biblionumber = $query->param('biblionumber') || $query->param('bib');
|
||||||
my $itemtype = &GetFrameworkCode($biblionumber);
|
my $itemtype = &GetFrameworkCode($biblionumber);
|
||||||
my $tagslib = &GetMarcStructure( 0, $itemtype );
|
my $tagslib = &GetMarcStructure( 0, $itemtype );
|
||||||
my $biblio = GetBiblioData($biblionumber);
|
my $biblio = GetBiblioData($biblionumber);
|
||||||
|
$biblionumber = $biblio->{biblionumber};
|
||||||
my $record = GetMarcBiblio($biblionumber, 1);
|
my $record = GetMarcBiblio($biblionumber, 1);
|
||||||
if ( ! $record ) {
|
if ( ! $record ) {
|
||||||
print $query->redirect("/cgi-bin/koha/errors/404.pl");
|
print $query->redirect("/cgi-bin/koha/errors/404.pl");
|
||||||
|
|
|
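Review bot: The unsanitized query value still reaches `GetFrameworkCode($biblionumber)` and `GetBiblioData($biblionumber)` before the new line `$biblionumber = $biblio->{biblionumber};` replaces it, so this file, unlike the other four in the commit, depends on those helpers quoting their argument safely — presumably they do, but that cannot be seen here. Coercing or validating right after `my $biblionumber = $query->param('biblionumber') || $query->param('bib');`, as the other files do, closes that window and keeps the five scripts consistent. When `GetBiblioData` returns undef, `$biblio->{biblionumber}` yields undef (autovivifying `$biblio`), and the 404 is reached only because `GetMarcBiblio(undef, 1)` is then expected to return nothing; an explicit `if ( !$biblio )` check before the deref would state that intent directly.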
@ -67,6 +67,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
|
||||||
);
|
);
|
||||||
|
|
||||||
my $authid = $query->param('authid');
|
my $authid = $query->param('authid');
|
||||||
|
$authid = int($authid);
|
||||||
my $record = GetAuthority( $authid );
|
my $record = GetAuthority( $authid );
|
||||||
if ( ! $record ) {
|
if ( ! $record ) {
|
||||||
print $query->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
|
print $query->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
|
||||||
|
|
|
@ -69,6 +69,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
|
||||||
);
|
);
|
||||||
|
|
||||||
my $biblionumber = $query->param('biblionumber') || $query->param('bib');
|
my $biblionumber = $query->param('biblionumber') || $query->param('bib');
|
||||||
|
$biblionumber = int($biblionumber);
|
||||||
|
|
||||||
my $record = GetMarcBiblio($biblionumber);
|
my $record = GetMarcBiblio($biblionumber);
|
||||||
if ( ! $record ) {
|
if ( ! $record ) {
|
||||||
|
|
|
@ -44,6 +44,7 @@ use XML::LibXML;
|
||||||
|
|
||||||
my $input = new CGI;
|
my $input = new CGI;
|
||||||
my $biblionumber = $input->param('id');
|
my $biblionumber = $input->param('id');
|
||||||
|
$biblionumber = int($biblionumber);
|
||||||
my $importid = $input->param('importid');
|
my $importid = $input->param('importid');
|
||||||
my $view = $input->param('viewas') || 'marc';
|
my $view = $input->param('viewas') || 'marc';
|
||||||
|
|
||||||
|
|