Jonathan Druart
35de8aa1ef
If you fill the patron self reg with non-latin characters, they will be encoded with HTML entities (é).
This bug leads to generate a userid with weird behaviors:
é => eacute
ł => x

Test plan:
0/ Do not apply the patch
1/ Set up the Self reg feature
2/ fill surname, firstname with something like "Michał pouéàç"
3/ Save
4/ See the bad encoding/replacement on the screen and look at the data
The accented chars are replaced with their html representation and the non-Latin chars with a 'x' in the DB
5/ Apply this patch
6/ Repeat steps 2, 3
7/ Everything should be ok
8/ Try to make sure this HTML::Entities escape was not useful:
fill surname with "surname <script>alert("xss?")</script>"
Save and look at the data

Followed test plan, works as expected.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

||
---|---|---|
.. | ||
errors | ||
rss | ||
sco | ||
svc | ||
ilsdi.pl | ||
maintenance.pl | ||
oai.pl | ||
opac-account-pay-paypal-return.pl | ||
opac-account-pay.pl | ||
opac-account.pl | ||
opac-addbybiblionumber.pl | ||
opac-alert-subscribe.pl | ||
opac-authorities-home.pl | ||
opac-authoritiesdetail.pl | ||
opac-basket.pl | ||
opac-blocked.pl | ||
opac-browser.pl | ||
opac-changelanguage.pl | ||
opac-course-details.pl | ||
opac-course-reserves.pl | ||
opac-detail.pl | ||
opac-discharge.pl | ||
opac-downloadcart.pl | ||
opac-downloadshelf.pl | ||
opac-export.pl | ||
opac-ics.pl | ||
opac-idref.pl | ||
opac-image.pl | ||
opac-imageviewer.pl | ||
opac-ISBDdetail.pl | ||
opac-main.pl | ||
opac-MARCdetail.pl | ||
opac-memberentry.pl | ||
opac-messaging.pl | ||
opac-modrequest-suspend.pl | ||
opac-modrequest.pl | ||
opac-mymessages.pl | ||
opac-news-rss.pl | ||
opac-overdrive-search.pl | ||
opac-passwd.pl | ||
opac-password-recovery.pl | ||
opac-patron-image.pl | ||
opac-privacy.pl | ||
opac-ratings-ajax.pl | ||
opac-ratings.pl | ||
opac-readingrecord.pl | ||
opac-registration-verify.pl | ||
opac-renew.pl | ||
opac-reserve.pl | ||
opac-restrictedpage.pl | ||
opac-retrieve-file.pl | ||
opac-review.pl | ||
opac-search-history.pl | ||
opac-search.pl | ||
opac-sendbasket.pl | ||
opac-sendshelf.pl | ||
opac-serial-issues.pl | ||
opac-shareshelf.pl | ||
opac-shelves.pl | ||
opac-showmarc.pl | ||
opac-showreviews.pl | ||
opac-suggestions.pl | ||
opac-tags.pl | ||
opac-tags_subject.pl | ||
opac-topissues.pl | ||
opac-user.pl | ||
tracklinks.pl | ||
unapi |