Koha/C4
Andreas Jonsson bc305ac584
Bug 36244: Do template toolkit processing first
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.

Test plan:

* review subtest 'Template toolkit syntax in
  parameters' in t/db_dependent/Letters.t
* Run the unit test:
  prove t/db_dependent/Letters.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-04-03 17:05:46 +02:00
AuthoritiesMarc
Barcodes
ClassSortRoutine
ClassSplitRoutine
Creators Bug 10762: (QA follow-up) Perltidy 2023-10-25 10:35:31 -03:00
External
Form
Heading Bug 21828: build $bib_heading_fields only once per invocation 2023-09-22 12:57:46 -03:00
ILSDI Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-02-02 17:31:46 +01:00
Installer
Labels Bug 10762: (QA follow-up) Perltidy 2023-10-25 10:35:31 -03:00
Linker
Members Bug 33239: Add the ability to run borrowers-force-messaging-defaults.pl only on a specified message name 2023-10-11 10:31:46 -03:00
OAI
Output
Patroncards Bug 34532: Silence warns in Patroncard.pm 2023-09-15 11:57:08 -03:00
Reports
Search
Serials
SIP Bug 25813: Enhance patron expiration in SIP display 2024-03-22 15:07:31 +01:00
Utils/DataTables Bug 34913: Fix perlcritic for VirtualShelves.pm 2024-01-29 12:24:54 +01:00
Accounts.pm
Acquisition.pm Bug 14092: (QA follow-up) Avoid fiddling with the hash in the template 2023-10-20 16:31:15 -03:00
Auth.pm Bug 36056: Clarify subpermissions AND behavior 2024-03-07 17:35:40 +01:00
Auth_cas_servers.yaml.sample
Auth_with_cas.pm Bug 34893: (QA follow-up) Tidy code for qa script 2024-02-02 17:31:47 +01:00
Auth_with_ldap.pm Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-02-02 17:31:46 +01:00
Auth_with_shibboleth.pm Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-02-02 17:31:46 +01:00
AuthoritiesMarc.pm Bug 29522: [alternate] Skip relinking bibliographic records when merging authorities 2024-03-15 15:39:15 +01:00
Barcodes.pm
Biblio.pm Bug 34943: (QA follow-up) Use before_biblio_action and an action param 2024-03-25 09:53:20 +01:00
Breeding.pm Bug 28166: (QA follow-up) Fix and tidy tests and code 2023-10-23 11:33:50 -03:00
Budgets.pm Bug 31631: Optionally use tax-exclusive values for calculating fund values 2023-10-18 15:41:35 -03:00
Calendar.pm Bug 32048: Added clear cache routine to delete_holiday_range_repeatable 2023-09-18 15:31:50 -03:00
Charset.pm
Circulation.pm Bug 36331: (follow-up) Ignore non_priority holds when checking renewability 2024-03-22 15:07:40 +01:00
ClassSortRoutine.pm
ClassSource.pm
ClassSplitRoutine.pm
Context.pm Bug 33431: Make C4::Circulation use C4::Context->yaml_preference 2024-03-18 11:03:37 +01:00
Contract.pm
CourseReserves.pm
Creators.pm
Heading.pm
HoldsQueue.pm Bug 34678: Allow new entries to overwrite hold_fill_targets 2023-10-27 16:44:24 -03:00
HTML5Media.pm
ImportBatch.pm Bug 35438: Remove skip_intermediate_commit parameter 2024-01-16 12:06:08 +01:00
ImportExportFramework.pm
InstallAuth.pm Bug 36102: Fix expired session on the login page of the installer (?) 2024-03-01 11:00:35 +01:00
Installer.pm
ItemCirculationAlertPreference.pm
Items.pm Bug 32029: Automatic item modifications by age add biblio table 2024-01-26 15:13:50 +01:00
Koha.pm Bug 35833: Fix warnings from C4/Koha 2024-01-29 12:24:58 +01:00
Labels.pm
Languages.pm
Letters.pm Bug 36244: Do template toolkit processing first 2024-04-03 17:05:46 +02:00
Linker.pm
Log.pm
MarcModificationTemplates.pm
Matcher.pm
Members.pm Bug 26170: Add protected status for patrons 2023-11-01 17:23:06 -03:00
Message.pm
Output.pm Bug 34478: Remove check_csrf from pl files 2024-03-01 10:56:01 +01:00
Overdues.pm
Patroncards.pm
Record.pm Bug 33431: Make C4::Record use C4::Context->yaml_preference 2024-03-18 11:03:38 +01:00
Reports.pm
Reserves.pm Bug 35491: Add logging to RevertWaitingStatus 2023-12-19 13:42:13 +01:00
Ris.pm Bug 33431: Fix remaining cases 2024-03-18 11:03:39 +01:00
RotatingCollections.pm
Scheduler.pm
Scrubber.pm
Search.pm Bug 35833: Silence few warnings from searching 2024-01-29 12:24:58 +01:00
Serials.pm Bug 31846: (QA follow-up) Tidy code to make qa script happy 2023-10-25 10:35:28 -03:00
Service.pm
ShelfBrowser.pm
SMS.pm
SocialData.pm Bug 33833: Add two FIXMEs to SocialData::get_report 2023-09-05 14:35:35 -03:00
Stats.pm Bug 33608: (QA follow-up) Remove ->insert method 2023-10-25 11:07:59 -03:00
Suggestions.pm
Tags.pm
Templates.pm Bug 35070: Tidy 2024-01-04 16:51:45 +01:00
TmplToken.pm
TmplTokenType.pm
TTParser.pm
UsageStats.pm
XISBN.pm
XSLT.pm Bug 33217: Tidy 2023-11-08 17:52:42 -03:00