Koha/C4
Andreas Jonsson dfcdc322e9 Bug 36244: Do template toolkit processing first
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.

Test plan:

* review subtest 'Template toolkit syntax in
  parameters' in t/db_dependent/Letters.t
* Run the unit test:
  prove t/db_dependent/Letters.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 07ac3b0b9450f812bb48cfecf7bf3f47f63279b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 20353e094a952f506b9be7f21740e1001fbdeb69)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
2024-03-19 08:12:21 +01:00
AuthoritiesMarc
Barcodes
ClassSortRoutine
ClassSplitRoutine
Creators Bug 32222: Fix capitalization in various "id is invalid" 2023-02-08 16:27:45 +00:00
External
Form
Heading Bug 33277: Add comments and missing thesauri 2023-05-15 10:41:29 +00:00
ILSDI Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-01-26 09:56:12 +01:00
Installer
Labels
Linker Bug 30280: Add support for subject headings from different thesaurus when using Elasticsearch 2022-10-03 10:00:04 -03:00
Members
OAI
Output
Patroncards Bug 34532: Silence warns in Patroncard.pm 2023-10-12 15:31:48 +00:00
Reports
Search
Serials
SIP Bug 22873: Add comment to explain what disallow_overpayment is for 2023-10-17 17:23:40 +00:00
Utils
Accounts.pm Bug 29184: Fix warn about undefined replacecost 2022-09-08 10:50:30 -07:00
Acquisition.pm Bug 31115: Add additional_attributes support to GetInvoices 2022-10-24 14:11:07 -03:00
Auth.pm Bug 36034: (bug 34893 follow-up) fix capture of return values from checkpw 2024-02-23 17:34:41 +00:00
Auth_cas_servers.yaml.sample
Auth_with_cas.pm Bug 34893: (QA follow-up) Tidy code for qa script 2024-01-26 09:57:14 +01:00
Auth_with_ldap.pm Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-01-26 09:56:12 +01:00
Auth_with_shibboleth.pm Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-01-26 09:56:12 +01:00
AuthoritiesMarc.pm Bug 32279: Add GetAuthorizedHeading method export C4::AuthoritiesMarc 2023-04-16 18:08:50 +01:00
BackgroundJob.pm
Barcodes.pm
Biblio.pm Bug 34549: Strip non-XML chars during TransformHtmlToMarc 2023-10-17 17:35:41 +00:00
Breeding.pm Bug 33404: Fix serverhost and init $page 2023-07-18 13:27:56 +00:00
Budgets.pm Bug 27550: "Duplicate budget" does not keep users associated with that budget 2022-09-22 08:18:33 -03:00
Calendar.pm Bug 32048: Added clear cache routine to delete_holiday_range_repeatable 2023-10-12 16:00:20 +00:00
Charset.pm
Circulation.pm Bug 30362: Fix GetSoonestRenewDate to really return soonest renew date 2023-08-31 13:34:28 +00:00
ClassSortRoutine.pm
ClassSource.pm
ClassSplitRoutine.pm
Context.pm Bug 32478: (QA follow-up) Keep current hashref behavior 2023-07-18 08:58:45 +00:00
Contract.pm
CourseReserves.pm Bug 30016: Remove GetOpenIssue subroutine 2022-08-31 08:50:37 -03:00
Creators.pm
Heading.pm Bug 33557: Add LinkerConsiderThesaurus system preference 2023-05-16 07:32:11 +01:00
HoldsQueue.pm Bug 34678: Allow new entries to overwrite hold_fill_targets 2023-11-13 15:22:14 +00:00
HTML5Media.pm
ImportBatch.pm Bug 34822: Process real time holds along with indexing 2023-10-17 16:56:24 +00:00
ImportExportFramework.pm
InstallAuth.pm
Installer.pm Bug 34174: (bug 33341 follow-up) Fix Ris export 2023-07-18 13:32:49 +00:00
ItemCirculationAlertPreference.pm
Items.pm Bug 34656: Do not update real Time Holds Queue when moving from cart to shelf 2023-10-12 15:31:50 +00:00
Koha.pm Bug 33341: Address some perlcritic errors in 5.36 2023-04-11 10:54:27 +00:00
Labels.pm
Languages.pm Bug 32775: (QA follow-up) Fix tab and indenting issues 2023-06-05 16:51:50 +00:00
Letters.pm Bug 36244: Do template toolkit processing first 2024-03-19 08:12:21 +01:00
Linker.pm
Log.pm Bug 31203: Add End action to cronjobs and log viewer 2022-10-05 16:12:55 -03:00
MarcModificationTemplates.pm
Matcher.pm Bug 26611: Make authority record matching use required match checks 2023-06-08 17:15:33 +00:00
Members.pm Bug 33937: Remove incorrect export in C4::Members 2023-07-12 09:36:02 +00:00
Message.pm Bug 18398: (follow-up) Update POD & Unit tests 2023-05-09 21:34:01 +01:00
Output.pm Bug 30524: Core CSRF checking code 2023-07-28 11:13:55 +00:00
Overdues.pm Bug 34279: Don't enforce overduefinescap unless it is greater than 0 2023-08-18 10:37:11 +00:00
Patroncards.pm
Record.pm
Reports.pm
Reserves.pm Bug 17798: Confirm hold when printing slip from another patron's account 2023-11-14 13:42:15 -01:00
Ris.pm Bug 34174: (bug 33341 follow-up) Fix Ris export 2023-07-18 13:32:49 +00:00
RotatingCollections.pm
Scheduler.pm
Scrubber.pm
Search.pm Bug 13976: Sort popularity numerically in Zebra 2023-04-16 17:46:38 +01:00
Serials.pm Bug 23775: Claiming a serial issue doesn't create the next one 2023-07-18 13:00:04 +00:00
Service.pm
ShelfBrowser.pm
SMS.pm
SocialData.pm
Stats.pm Bug 7021: Terminology - usercode -> categorycode 2022-09-22 09:31:28 -03:00
Suggestions.pm Bug 32027: Fix 'librarian interface' to use 'staff interface' in Pages/HTML customizations/News 2023-02-08 16:32:02 +00:00
Tags.pm Bug 31517: (QA follow-up) Fix indentation 2022-11-04 19:30:56 -03:00
Templates.pm Bug 31390: Remove noisy warns in C4::Templates 2022-08-22 13:25:00 -03:00
TmplToken.pm
TmplTokenType.pm
TTParser.pm
UsageStats.pm Bug 30025: Replace AllowManualAuthorityEditing with RequireChoosingExistingAuthority 2022-09-16 16:48:34 -03:00
XISBN.pm
XSLT.pm Bug 28375: (follow-up) Use C4::Context->interface 2022-10-20 11:50:53 -03:00