Main Koha release repository https://koha-community.org
Fridolyn SOMERS 57866d6b67 Bug 10590 - in opac-topissues limit param is not protected
In opac-topissues page, the limit URL argument is directly added to SQL query.

This patch adds protections: limit must only contain digits and must be lower than 100.

Test plan:
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=10&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=9999&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 100 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=WHERE&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-15 15:18:24 +00:00
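The commit message above describes the validation rule (digits only, capped at 100, default 10) and a four-case test plan. The Perl below is an added example written for this page, not the Bug 10590 patch or any Koha code: it implements a hypothetical `sanitize_limit` helper that applies the stated rule and checks it against the four test-plan inputs. The helper name, the default of 10, the cap of 100 and the constructed inputs are assumptions taken from the commit message, not from opac-topissues.pl itself.

```perl
#!/usr/bin/perl
# Added example (not Koha's own code): validate a "limit" CGI parameter the way
# the Bug 10590 commit message describes, before it reaches a SQL LIMIT clause.
use Modern::Perl;

# Hypothetical helper; the real opac-topissues.pl may be structured differently.
sub sanitize_limit {
    my ($raw) = @_;
    my $default = 10;    # fallback stated in the test plan (limit= and limit=WHERE)
    my $max     = 100;   # ceiling stated in the test plan (limit=9999 -> 100 rows)

    # Digits only: undefined, empty and non-numeric values ("WHERE") fall back
    # to the default instead of being concatenated into the query.
    return $default unless defined $raw && $raw =~ /^\d+$/;

    # Numeric compare is now safe because the regex guarantees an integer.
    return $max if $raw > $max;
    return $raw;
}

# Constructed inputs mirroring the four cases of the commit's test plan.
my @cases = ( [ '10', 10 ], [ '', 10 ], [ '9999', 100 ], [ 'WHERE', 10 ] );
for my $case (@cases) {
    my ( $in, $want ) = @$case;
    my $got = sanitize_limit($in);
    printf "limit=%-8s -> %3d %s\n", "'$in'", $got,
        ( $got == $want ? 'ok' : 'MISMATCH' );
}

# Even a validated value is best passed as a bind parameter rather than
# interpolated into the SQL string, e.g. with DBI:
#   my $sth = $dbh->prepare('SELECT ... LIMIT ?');
#   $sth->execute( sanitize_limit( $query->param('limit') ) );
```

The regex check is what removes the injection surface; the cap is a resource-exhaustion guard, so a request for 9999 rows still runs but returns at most 100, matching the test plan's third case.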
acqui Bug 10366: Alert librarian if an invoice number is duplicated 2013-07-06 17:13:45 +00:00
admin Bug 9307: QA Followup 2013-06-19 07:19:39 -07:00
authorities Revert "Bug 6554 - make Koha internally utf-8 clean" 2013-04-29 15:12:32 -07:00
basket Bug 9073 - Download option from the cart should match the menu button in lists 2012-11-25 18:08:46 -05:00
C4 Bug 10529: Remove hardcoded dollar from patron message 2013-07-12 20:26:13 +00:00
catalogue Bug 9665: QA follow up fixing tabs 2013-06-17 11:25:40 -07:00
cataloguing Bug 10448: can now change framework after duplicating bib record 2013-07-08 15:23:05 +00:00
circ Bug 10221 - hold expiration doesn't show on patron's list of holds 2013-06-07 08:48:34 -07:00
course_reserves bug 8215: (followup) avoid spurious warning in Apache log 2013-05-21 16:01:08 -07:00
debian Bug 10431 - Spanish Zebra character sorting file 2013-07-05 06:55:49 -07:00
docs Bug 7143: Updating history and about page 2013-07-08 15:55:31 +00:00
errors Housekeeping in errors scripts 2010-05-12 07:29:03 -04:00
etc Bug 10431 - Redundant mappings removed 2013-07-05 06:56:44 -07:00
install_misc Bug 8840 - [SIGNED-OFF] Patch to solve false "All dependencies installed!" 2013-05-12 21:15:19 -04:00
installer Bug 10490: DBrev 3.13.00.012 2013-07-12 20:08:44 +00:00
Koha Bug 10494: remove spurious warnings from the KohaBranchName plugin 2013-06-30 18:45:11 -07:00
koha-tmpl Bug 10514: improve visibility of Add item link on new order form 2013-07-12 23:34:43 +00:00
labels Bug 10527: remove disused routine C4::Branch::get_branch_code_from_name 2013-07-12 20:20:20 +00:00
members Bug 10507: improve warning about duplicate patron attribute value 2013-07-12 20:57:09 +00:00
misc bug 9998: (follow-up) use Modern::Perl as per coding guidelines 2013-07-02 07:09:22 -07:00
offline_circ Bug 8220 - Allow koc uploads to go to process queue instead of being applied directly. 2013-03-21 20:35:37 -04:00
opac Bug 10590 - in opac-topissues limit param is not protected 2013-07-15 15:18:24 +00:00
OpenILS Bug 9239 QA follow-up: remove stray debug code 2013-03-16 21:32:34 -04:00
patroncards Bug 10527: remove disused routine C4::Branch::get_branch_code_from_name 2013-07-12 20:20:20 +00:00
plugins Bug 7804 - Add Koha Plugin System - QA Followup 2 2013-03-20 14:50:19 -04:00
reports Bug 9508: Standardize the dateformat value from C4::Auth 2013-05-20 09:05:01 -07:00
reserve Bug 766: remove CGI::scrolling_list from request.pl 2013-06-05 07:31:06 -07:00
reviews Bug 1623 - Provide view of approved comments 2011-12-27 18:26:50 +01:00
rotating_collections Bug 9605: rotating collections permissions are wrong 2013-03-30 22:11:05 -04:00
selenium Adding selenium tests for filterMembers 2009-09-30 11:30:37 +02:00
serials Bug 10484: serials-edit.pl not checking for barcode field before checking for barcode subfield 2013-06-30 19:02:15 -07:00
services Bug 7178: Acquisition item creation improvement 2012-03-26 11:07:23 +02:00
skel Bug 7804 - Add Koha Plugin System 2013-03-20 14:49:47 -04:00
sms Bug 2505 - Add commented use warnings where missing in the sms/ directory 2010-04-21 20:25:08 +12:00
suggestion Bug 9307: QA Followup 2013-06-19 07:19:39 -07:00
svc Bug 9908 - Fixing OCLC Connexion Client 2013-03-29 21:29:10 -04:00
t Bug 10560: add regression test 2013-07-12 14:57:11 +00:00
tags Merge remote branch 'origin/new/bug6554_reverts' 2013-05-01 11:22:30 -07:00
test Bug 5449: JSON malformed in Koha - Blocker with jQuery 1.4.x 2011-03-12 08:53:41 +13:00
tmp/modified_authorities
tools Bug 10527: remove disused routine C4::Branch::get_branch_code_from_name 2013-07-12 20:20:20 +00:00
virtualshelves Bug 7788: [SIGNED-OFF] Followup: GetShelf call in addbybiblio script corrected 2012-05-22 12:06:26 +02:00
xt Bug 9802 - add test case to ensure man pages have correct XML 2013-03-20 15:11:10 -04:00
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap 7439 Mailmap for master 2012-01-27 12:27:58 +01:00
about.pl Bug 6506: Followup add warning in the system information tab. 2013-05-01 08:44:11 -04:00
changelanguage.pl Bug 6755 Problems with switching languages 2011-09-23 09:47:09 +12:00
edithelp.pl 7368 Typo in edithelp.pl warning 2013-04-18 09:47:58 -04:00
fix-perl-path.PL installer: improvements to fix-path-perl.PL on Win32 2007-12-20 19:20:12 -06:00
help.pl Bug 10052: QA Followup 2013-05-23 08:55:12 -07:00
INSTALL Bug 7759, update of install files to use background indexing (and some whitespace tidy) 2012-04-20 16:11:52 +02:00
install-CPAN.pl Bug 5370: Fix all the references to koha.org 2010-11-08 09:41:49 +13:00
INSTALL.debian Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
INSTALL.fedora7 Bug 7440 - Remove NoZebra vestiges 2013-03-19 21:17:04 -04:00
INSTALL.opensuse Bug 7759, update of install files to use background indexing (and some whitespace tidy) 2012-04-20 16:11:52 +02:00
INSTALL.ubuntu Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
INSTALL.ubuntu.12.04 Bug 9267 - Ubuntu 12.04 install docs broken 2013-03-07 09:46:55 -05:00
INSTALL.ubuntu.lucid Bug 8092 follow-up: Add optional dependency on CHI 2012-06-09 13:08:18 +02:00
koha_perl_deps.pl bug 10548: fix count of missing required dependencies by koha_perl_deps.pl 2013-07-11 14:03:32 +00:00
kohaversion.pl Bug 10490: DBrev 3.13.00.012 2013-07-12 20:08:44 +00:00
LICENSE Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
mainpage.pl Bug 10080 - Change system pref IndependantBranches to IndependentBranches 2013-05-22 07:58:23 -07:00
Makefile.PL Bug 10431 - Spanish Zebra character sorting file 2013-07-05 06:55:49 -07:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
README Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 7804 - Add Koha Plugin System 2013-03-20 14:49:47 -04:00

Koha is a free software integrated library system.

Koha is distributed under the GNU GPL version 3 or later.
Please read the file LICENSE for more details.

To install or upgrade Koha, please see the INSTALL file appropriate
to your platform.

Report bugs at http://bugs.koha-community.org/

Visit the Koha Project website at http://www.koha-community.org/