From b092d71d0cb08a470a7cf8809ae6dd1e93a553c8 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 5 Jun 2019 18:40:54 -0500
Subject: [PATCH] Bug 23058: Prevent XSS vulnerabiliies when 'tag' is passed to opac-search

Signed-off-by: Nick Clemens
Signed-off-by: Katrin Fischer
---
 opac/opac-search.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opac/opac-search.pl b/opac/opac-search.pl
index 309776f9f6..437bb8bf6a 100755
--- a/opac/opac-search.pl
+++ b/opac/opac-search.pl
@@ -604,7 +604,7 @@ my $results_hashref;
 my @coins;
 if ($tag) {
- $query_cgi = "tag=" .$tag . "&" . $query_cgi;
+ $query_cgi = "tag=" . uri_escape_utf8( $tag ) . "&" . $query_cgi;
 my $taglist = get_tags({term=>$tag, approved=>1});
 $results_hashref->{biblioserver}->{hits} = scalar (@$taglist);
 my @marclist = map { C4::Biblio::GetXmlBiblio( $_->{biblionumber} ) } @$taglist;
-- 
2.39.5
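Review bot: The added `uri_escape_utf8( $tag )` call on the `$query_cgi` line carries no comment saying why the value is encoded there, so a later cleanup could drop it and reopen the XSS path named in the commit title; a comment such as `# $tag comes from the request; percent-encode it before it becomes part of $query_cgi` would keep the intent visible. The hunk does not show where `uri_escape_utf8` is imported, so confirm that `URI::Escape` is loaded in opac-search.pl. Encoding at this one concatenation protects only this use of `$tag`: any other request parameter appended to `$query_cgi`, and any place the template prints `$tag` or `$query_cgi`, lies outside the hunk and needs its own output escaping. A regression test that requests the search with a tag containing markup characters and asserts they come back percent-encoded would pin the fix. The `if ($tag)` block continues past the end of the hunk.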