Koha/opac
Marcel de Rooy 2e54e781c5 Bug 36875: Do not pass unsanitized language to $page->translated_content
Test plan:
Try to access opac-page.pl with a language not in OPACLanguages.
Verify that this 'language' was not passed to SQL. Simplest perhaps
by debugging AdditionalContent.pm. Something like:
 sub translated_content {
     my ( $self, $lang ) = @_;
+warn "L137: $lang";
Now have a public additional_contents page and hit it:
    /cgi-bin/koha/opac-page.pl?page_id=5&language=badsql
Check your log and find:
[2024/05/16 07:25:53] [WARN] L137: en at [etc] line 137.
So badsql was caught.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1a9e3647095eaf9563db59bd8b3a759a0875cc39)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2024-06-06 10:49:20 +02:00
clubs Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
errors Bug 36148: Improve error handling and restore programming errors 2024-03-01 11:01:06 +01:00
external/overdrive
sci Bug 34478: Changes for opac/sci/sci-main 2024-03-01 10:57:38 +01:00
sco Bug 32256: Use a new SCOBatchCheckoutsValidCategories syspref 2024-05-08 18:23:55 +02:00
svc Bug 36418: opac/svc/club: switch content-type to application/json 2024-04-02 17:59:05 +02:00
ilsdi.pl
maintenance.pl Bug 23798: Convert OpacMaintenanceNotice system preference to additional contents 2023-11-08 17:41:27 -03:00
oai.pl Bug 14939: Modularize OAI Server existing classes 2015-12-31 15:15:05 +00:00
opac-account-pay-return.pl
opac-account-pay.pl Bug 36088: Remove useless code from opac-account-pay.pl 2024-03-07 15:02:43 +01:00
opac-account.pl Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
opac-addbybiblionumber.pl Bug 34478: Changes for opac-addbybiblionumber 2024-03-01 10:57:37 +01:00
opac-alert-subscribe.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-alert-subscriptions.pl Bug 34478: Remove generate_csrf from pl 2024-03-01 10:55:56 +01:00
opac-article-request-cancel.pl
opac-authorities-home.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-authoritiesdetail.pl Bug 29948: OPACAuthorIdentifiersAndInformation 2024-05-13 14:00:10 +02:00
opac-basket.pl Bug 33102: Display fields from biblioitems in OPAC/staff interface cart 2023-05-05 17:45:19 -03:00
opac-blocked.pl Bug 35952: Remove unnecessary line for OpacSuppressionMessage 2024-03-07 15:02:50 +01:00
opac-browse.pl
opac-browser.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-changelanguage.pl
opac-course-details.pl
opac-course-reserves.pl
opac-curbside-pickups.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-detail.pl Bug 29948: OPACAuthorIdentifiersAndInformation 2024-05-13 14:00:10 +02:00
opac-discharge.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-dismiss-message.pl Bug 36532: Protect opac-dismiss-message.pl from malicious usages 2024-05-14 15:04:34 -03:00
opac-downloadcart.pl
opac-downloadshelf.pl Bug 33069: Fix error in MARC download for OPAC lists 2023-05-09 10:57:55 -03:00
opac-export.pl
opac-holdshistory.pl
opac-ics.pl
opac-idref.pl
opac-illrequests.pl Bug 35581: Koha::Illrequest -> Koha::ILL::Request 2024-04-22 08:57:45 +02:00
opac-image.pl Bug 33047: Return 404 instead of 500 when biblio does not exist 2023-07-10 15:43:14 -03:00
opac-imageviewer.pl
opac-ISBDdetail.pl Bug 35961: (follow-up) Pass along the borrowernumber 2024-05-17 10:36:32 +02:00
opac-issue-note.pl Bug 34478: op =~ ^cud- in pl/pm - Manual cud-email => email 2024-03-01 10:57:14 +01:00
opac-library.pl Bug 31775: Show single library 2022-10-17 08:25:55 -03:00
opac-main.pl Bug 31383: Create a parent-child DB relation for additional content 2023-10-20 14:43:56 -03:00
opac-MARCdetail.pl Bug 35961: (follow-up) Pass along the borrowernumber 2024-05-17 10:36:32 +02:00
opac-memberentry.pl Bug 36816: Remove warning 2024-05-24 15:36:45 +02:00
opac-messaging.pl Bug 34478: Add 'op' to opac-messaging 2024-03-01 10:57:07 +01:00
opac-modrequest-suspend.pl Bug 34478: Manual fix - add ops - hold-table.inc opac-user.tt 2024-03-01 10:57:21 +01:00
opac-modrequest.pl Bug 34478: Manual fix - add ops - hold-table.inc opac-user.tt 2024-03-01 10:57:21 +01:00
opac-mymessages.pl
opac-news-rss.pl
opac-overdrive-search.pl Bug 29318: Tidy the code 2021-10-26 16:46:03 +02:00
opac-page.pl Bug 36875: Do not pass unsanitized language to $page->translated_content 2024-06-06 10:49:20 +02:00
opac-passwd.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-password-recovery.pl Bug 34478: Changes for opac-password-recovery 2024-03-01 10:57:35 +01:00
opac-patron-consent.pl Bug 31503: Make opac-patron-consent more generic 2023-10-25 10:35:20 -03:00
opac-patron-image.pl
opac-privacy.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-ratings.pl Bug 34478: Add 'op' to opac-ratings 2024-03-01 10:57:09 +01:00
opac-readingrecord.pl Bug 33949: Replace GetAllIssues with Koha::Checkouts - opac 2023-10-18 15:41:26 -03:00
opac-recall.pl Bug 36142: recallsview template param for opac-recall.tt 2024-04-05 11:51:23 +02:00
opac-recalls.pl
opac-registration-verify.pl Bug 34478: op =~ ^cud- in pl/pm - Manual cud-email => email 2024-03-01 10:57:14 +01:00
opac-renew.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-reportproblem.pl Bug 34478: Manual fix - problem_reports 2024-03-01 10:56:59 +01:00
opac-request-article.pl Bug 34478: Add 'op' to opac-request-article 2024-03-01 10:57:08 +01:00
opac-reserve.pl Bug 35977: (follow-up) Cleaner working approach 2024-05-02 13:19:12 +02:00
opac-reset-password.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-restrictedpage.pl
opac-retrieve-file.pl Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
opac-review.pl Bug 34478: Changes for opac-review 2024-03-01 10:57:20 +01:00
opac-routing-lists.pl
opac-search-history.pl Bug 34478: Manual fix - action to op / add cud- - opac-search-history 2024-03-01 10:57:13 +01:00
opac-search.pl Bug 35558: Do not retrieve the local image if none exists - OPAC 2024-04-26 18:06:08 +02:00
opac-sendbasket.pl Bug 36520: Sanitize input in opac-sendbasket.pl 2024-06-06 10:49:20 +02:00
opac-sendshelf.pl Bug 34478: Changes for opac-sendshelf 2024-03-01 10:57:25 +01:00
opac-serial-issues.pl
opac-shareshelf.pl Bug 34478: Changes for opac-shareshelf 2024-03-01 10:59:26 +01:00
opac-shelves.pl Bug 36858: Remove warnings 2024-05-22 16:18:11 +02:00
opac-showmarc.pl
opac-showreviews.pl
opac-suggestions.pl Bug 34478: op =~ ^cud- in pl/pm 2024-03-01 10:56:11 +01:00
opac-tags.pl Bug 36785: Typo unreconized and bilbio in tags code 2024-05-17 10:36:35 +02:00
opac-tags_subject.pl
opac-topissues.pl Bug 34478: op =~ ^cud- - Manual - cud-do_it => do_it 2024-03-01 10:58:32 +01:00
opac-user.pl Bug 34478: Remove check_csrf from pl files 2024-03-01 10:56:01 +01:00
tracklinks.pl
unapi