Koha/virtualshelves at 936b23e17a4b7d76d94be276ed1ceb9be8872299 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Jonathan Druart 45cffd874c Bug 17901: Fix possible SQL injection in shelf editing It has been reported that /cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1 Could lead to SQL injection Actually it explodes because the generated SQL query is not correctly formated. However it would be good to limit the possible values for sortfield. This vulnerability has been reported by MDSec. Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>		2017-01-30 11:20:48 +00:00
..
addbybiblionumber.pl	Bug 16519: Replace 'our' with 'my' in [opac-]addbybiblionumbers.pl	2016-09-25 15:42:40 +00:00
downloadshelf.pl	Bug 17094: Make Koha::Virtualshelf methods return Koha::Objects-based objects	2016-10-11 13:14:46 +00:00
sendshelf.pl	Bug 17094: Make Koha::Virtualshelf methods return Koha::Objects-based objects	2016-10-11 13:14:46 +00:00
shelves.pl	Bug 17901: Fix possible SQL injection in shelf editing	2017-01-30 11:20:48 +00:00