Koha/opac
Frère Sébastien Marie 649573ad24 Bug 5131 :restrict use of sort_by value to allowed values
The user input for sort_by value was used without care, resulting in the possibility for the user to set any Template Variable to 1.

This patch restricts the values to sort field.
The list of allowd_sortby was taken from 'includes/resort_form.inc'.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-04 13:17:22 +12:00
..
errors Bugfix in errors/*.pl and opac/errors/*.pl 2010-02-14 20:04:40 -05:00
rss
sco Bug 6549 : sco-main.pl: Parentheses missing around "my" list 2011-07-03 09:00:16 +12:00
changelanguage.pl remove a bunch of unconditional debug warns 2010-07-02 10:57:08 -04:00
ilsdi.pl [MT3696] Fixed ILSDI GetAvailability call 2010-10-13 10:39:38 -04:00
maintenance.pl Bug 2505: Add warnings to opac/maintenance.pl 2010-02-18 11:10:30 -05:00
oai.pl bug 4903: enable OAI-DC output when install done in standard mode 2011-04-07 21:38:53 +12:00
opac-account.pl Bug 4192: Fixes warnings generated by opac-account.pl. 2010-02-16 06:12:38 -05:00
opac-addbybiblionumber.pl Bug 6096 Correctly return arrayref from GetAllShelves 2011-04-08 11:17:04 +12:00
opac-alert-subscribe.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-authorities-home.pl Bug 5453 Move declarations out of conditionals in opac 2011-07-15 15:50:22 +12:00
opac-authoritiesdetail.pl Bug 5453 Move declarations out of conditionals in opac 2011-07-15 15:50:22 +12:00
opac-basket.pl Bug 5990: Lists and Cart show LOC code not Location Authorized value 2011-04-01 12:07:46 +13:00
opac-browser.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-changelanguage.pl
opac-detail.pl Bug 5453 Move declarations out of conditionals in opac 2011-07-15 15:50:22 +12:00
opac-downloadcart.pl bug 5579 : Fixes several exports to embed items 2011-04-19 22:35:15 +12:00
opac-downloadshelf.pl Fix for Bug 3140 - It is possible to email someone else's private list 2011-05-26 09:50:52 +12:00
opac-export.pl bug 5579 : Fixes several exports to embed items 2011-04-19 22:35:15 +12:00
opac-ics.pl Fix FSF address in directory opac/ 2010-03-16 20:17:54 -04:00
opac-ISBDdetail.pl Bug 5453 Move declarations out of conditionals in opac 2011-07-15 15:50:22 +12:00
opac-main.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-MARCdetail.pl Bug 6362: fixes display to re-embed items in OPAC MARC view 2011-06-03 14:18:51 +12:00
opac-messaging.pl Fix FSF address in directory opac/ 2010-03-16 20:17:54 -04:00
opac-modrequest.pl Fix FSF address in directory opac/ 2010-03-16 20:17:54 -04:00
opac-mymessages.pl bug 2615: remove unneeded 'require Exporter' 2008-09-26 09:05:08 -05:00
opac-passwd.pl Bug 2505: Enable warnings in opac-passwd.pl and opac-renew.pl. 2009-08-12 21:28:24 -04:00
opac-privacy.pl Bug 3881: OPAC Privacy reimplementation 2011-01-31 22:23:50 +13:00
opac-readingrecord.pl Bug 6162 Fix passing of borrower details to reading history 2011-04-14 15:01:17 +12:00
opac-renew.pl Bug 5199 : Followup patch, fixing a bug with NULL option 2011-07-03 08:48:52 +12:00
opac-reserve.pl Bug 6347 - Fix for itemlevel holds in OPAC 2011-05-29 15:46:57 +12:00
opac-review.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-search-history.pl Fix FSF address in directory opac/ 2010-03-16 20:17:54 -04:00
opac-search.pl Bug 5131 :restrict use of sort_by value to allowed values 2011-08-04 13:17:22 +12:00
opac-sendbasket.pl Bug 6050 Make calls to GetItemsInfo consistent 2011-06-14 14:12:02 +12:00
opac-sendshelf.pl Bug 6050 Make calls to GetItemsInfo consistent 2011-06-14 14:12:02 +12:00
opac-serial-issues.pl Bug 6195 : Opac user should not have serial manage tab 2011-04-19 13:29:01 +12:00
opac-shelves.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-showmarc.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-showreviews.pl Bug 6298 : Create new ShowReviewerPhoto preference 2011-07-05 15:01:13 +12:00
opac-suggestions.pl Bug 5928 :wr77152 : AllowPurchaseSuggestionBranchChoice sys pref 2011-03-23 10:35:16 +13:00
opac-tags.pl Fix for Bug 5812 - Tag Cloud - capitalized words come before lower-case words 2011-02-28 10:38:29 +13:00
opac-tags_subject.pl Bug 4289: 'OpacPublic' feature 2011-01-19 14:30:34 +13:00
opac-topissues.pl Bug 5453 Move declarations out of conditionals in opac 2011-07-15 15:50:22 +12:00
opac-user.pl Bug 6598 : ensure OPACFineRenewals can prevent opac renewals 2011-08-01 13:21:13 +12:00
opac-userdetails.pl Fix FSF address in directory opac/ 2010-03-16 20:17:54 -04:00
opac-userupdate.pl Bug 5422: Separate state field for patron's addresses 2011-04-09 11:52:07 +12:00
unapi fixing various links to point to *.koha-community.org 2010-10-21 22:08:24 -04:00