Bug 36520: Sanitize input in opac-sendbasket.pl
To test: 1/ Add some items to your cart in the OPAC. 2/ Choose "send cart". 3/ Open the Firefox developer tools and switch to the Network tab. 4/ Send the cart. 5/ In the Network tab, find the POST request and choose "Copy as cURL". 6/ Edit the curl command to append )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter. 7/ Run the curl and notice it takes a long time to respond; to compare, run the curl without the part added above. 8/ Apply the patch and restart Plack. 9/ Run the modified curl and notice the slowdown no longer occurs. 10/ Test in the browser and make sure the basket is still sent. Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
parent
167fff1aa8
commit
97aa7492ef
1 changed files with 1 additions and 0 deletions
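--- a/opac-sendbasket.pl
+++ b/opac-sendbasket.pl
@@ -52,6 +52,7 @@ if ( $op eq "cud-send" && $email_add && $user_email ) {
 my @bibs = split( /\//, $bib_list );
 my $iso2709;
 foreach my $bib (@bibs) {
+$bib = int($bib);
 my $biblio = Koha::Biblios->find($bib) or next;
 $iso2709 .= $biblio->metadata->record->as_usmarc();
 }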
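Review bot: `$bib = int($bib);` coerces rather than validates, so malformed ids are silently accepted or mapped instead of rejected: `int("12abc")` yields 12, `int("abc")` yields 0 (with an "isn't numeric" warning on every request once `use warnings` is in effect), and values such as "Inf"/"NaN" appear to pass through `int` unchanged and still reach `Koha::Biblios->find`. An anchored allowlist makes the intent explicit and keeps the logs quiet, e.g. `next unless $bib =~ m/\A\d+\z/;` in place of the `int` call, with the same `or next` fall-through on `find` kept as is. A comment such as `# bib_list is user-supplied; only plain integer ids may reach find()` would record why the check exists. The enclosing `if ( $op eq "cud-send" ... )` block starts before this hunk and its close is not shown.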