Koha/admin
David Cook a72262a950 Bug 14521: SQL injection in local use system preferences
This patch fixes a SQL injection vulnerability in the local use
system preferences.

_TEST PLAN_

Before applying:

1) Go to Global System Preferences
2) Click on the "Local use" tab
3) Add a new preference with the value "') or '1' = '1' -- "
(be sure to include the space at the end after the comment --).
4) When the page refreshes, you should now see about 99 other system
preferences which shouldn't be showing up.

5) Apply the patch

6) Refresh the page
7) Note that you now only see a system preference for "') or '1' = '1' -- "
and the other actual local use system preferences.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-20 10:15:27 -03:00
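The test plan above only makes sense if the stored preference name is later pasted into another SQL statement: a name of `') or '1' = '1' -- ` closes the quoted literal, appends an always-true condition, and comments out the rest of the query, so every row in `systempreferences` comes back instead of the handful of local-use ones. The following is an added example, not Koha's own code and not the patch: it re-creates that second-order injection pattern in Python with sqlite3 rather than Koha's Perl/DBI. The table layout, the preference names and the assumption that the "Local use" listing selects rows with an `IN (...)` list built from stored names are all constructed for illustration; only the payload comes from the commit message.

```python
import sqlite3

# Payload taken from the commit's test plan; it becomes the *name* of a local-use preference.
PAYLOAD = "') or '1' = '1' -- "

# Stand-in for the variables defined in the .pref files (hypothetical list; only the shape matters).
PREF_FILE_VARIABLES = {"OPACBaseURL", "SessionStorage", "version"}


def make_db():
    """In-memory table shaped like Koha's systempreferences, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE systempreferences (variable TEXT PRIMARY KEY, value TEXT)")
    rows = [
        ("OPACBaseURL", "http://opac.example"),
        ("SessionStorage", "mysql"),
        ("version", "3.21"),
        ("MyLocalPref", "on"),
        # The form that saves a new preference uses placeholders, so the payload is stored intact
        # and only bites when a later statement interpolates it.
        (PAYLOAD, "x"),
    ]
    db.executemany("INSERT INTO systempreferences (variable, value) VALUES (?, ?)", rows)
    return db


def local_use_names(db):
    """Names present in the table but absent from the .pref files: the 'Local use' tab's set."""
    all_names = [row[0] for row in db.execute("SELECT variable FROM systempreferences")]
    return [name for name in all_names if name not in PREF_FILE_VARIABLES]


def select_vulnerable(db, names):
    """Second-order injection: stored names are quoted by hand and spliced into the SQL text.

    With PAYLOAD in the list the WHERE clause becomes
        variable IN ('MyLocalPref', '') or '1' = '1' -- ')
    and the comment swallows the closing parenthesis, so all rows match.
    """
    quoted = ", ".join("'" + name + "'" for name in names)
    sql = "SELECT variable, value FROM systempreferences WHERE variable IN (" + quoted + ")"
    return sorted(row[0] for row in db.execute(sql))


def select_safe(db, names):
    """Same query with one bind parameter per name; the payload is just a string to compare."""
    placeholders = ", ".join("?" for _ in names)
    sql = "SELECT variable, value FROM systempreferences WHERE variable IN (" + placeholders + ")"
    return sorted(row[0] for row in db.execute(sql, names))


def demo():
    """Return (vulnerable_result, safe_result) for the constructed database."""
    db = make_db()
    names = local_use_names(db)
    return select_vulnerable(db, names), select_safe(db, names)


if __name__ == "__main__":
    leaked, correct = demo()
    print("interpolated query returned", len(leaked), "rows:", leaked)
    print("parameterised query returned", len(correct), "rows:", correct)
```

The trailing space in the payload matters for MySQL, where `--` only starts a comment when followed by whitespace; sqlite accepts `--` either way, which is why the example does not depend on it. The fix shown in `select_safe` is the general one for dynamic `IN` lists: generate one placeholder per value and pass the values to the driver, never the quoted text.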
add_user_search.pl Bug 13891: DataTables server-side processing - Fix regressions 2015-04-13 10:55:30 -03:00
admin-home.pl Bug 9978: (followup) Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:43 -03:00
aqbudgetperiods.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
aqbudgets.pl Bug 14383: admin: Fix some typos in comments and documentation 2015-06-22 17:34:46 -03:00
aqcontract.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
aqplan.pl Bug 14428: Remove C4::Input 2015-07-10 10:53:56 -03:00
auth_subfields_structure.pl Bug 9006: Remove AUTOLOAD in C4::Context 2015-07-20 10:11:41 -03:00
auth_tag_structure.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
authorised_values.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
authtypes.pl Bug 10947: Fix editing the default authority type 2015-05-19 09:25:59 -03:00
biblio_framework.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
branch_transfer_limits.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
branches.pl Bug 8802: On editing a library group category type is not set 2015-06-23 10:14:13 -03:00
categorie.pl Bug 10011: Save branch limitations on creating a new patron category 2015-05-19 09:21:23 -03:00
check_budget_parent.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
check_parent_total.pl Bug 14383: admin: Fix some typos in comments and documentation 2015-06-22 17:34:46 -03:00
checkmarc.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
cities.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
classsources.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
clone-rules.pl Bug 9978: (followup) Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:43 -03:00
columns_settings.pl Bug 13875: Columns configuration - Allow underscore in table name 2015-04-08 14:51:59 -03:00
columns_settings.yml Bug 13492: Add the location column to the checkouts tables 2015-04-24 09:41:23 -03:00
currency.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
didyoumean.pl Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00
env_tz_test.pl Bug 14383: admin: Fix some typos in comments and documentation 2015-06-22 17:34:46 -03:00
fieldmapping.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
import_export_framework.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
item_circulation_alerts.pl Bug 9978: (followup) Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:43 -03:00
items_search_field.pl Bug 11425: Add item search form in staff interface 2014-11-04 19:08:12 -03:00
items_search_fields.pl Bug 11425: Add item search form in staff interface 2014-11-04 19:08:12 -03:00
itemtypes.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
koha2marclinks.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
marc_subfields_structure.pl Bug 9006: Remove AUTOLOAD in C4::Context 2015-07-20 10:11:41 -03:00
marctagstructure.pl Bug 1487: Store the "display only used tags/subf" value in a cookie 2015-04-30 15:23:01 -03:00
matching-rules.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
oai_set_mappings.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
oai_sets.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
patron-attr-types.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
preferences.pl Bug 14145: Noisy warns in admin/preferences.pl 2015-05-22 09:37:24 -03:00
printers.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
smart-rules.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
sru_modmapping.pl Bug 6536: Add a form for SRU Field mapping 2014-09-01 10:08:50 -03:00
stopwords.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
systempreferences.pl Bug 14521: SQL injection in local use system preferences 2015-07-20 10:15:27 -03:00
transport-cost-matrix.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
z3950servers.pl Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00