git.koha-community.org Git - koha.git/commit
Bug 36520: Sanitize input in opac-sendbasket.pl
author Chris Cormack <chris@bigballofwax.co.nz>
Mon, 13 May 2024 02:26:13 +0000 (02:26 +0000)
committer Fridolin Somers <fridolin.somers@biblibre.com>
Thu, 6 Jun 2024 08:49:20 +0000 (10:49 +0200)
commit c1c603731d44e16b33b964f52515dd66f8931ab9
tree 53a03a3e28a48856e7f565a153b8db51e81e1632
parent 3098a95c4eb8574f2edfb08e8a9840af714eb068
Bug 36520: Sanitize input in opac-sendbasket.pl

To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open the Firefox developer tools and switch to the Network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+-  to the bib_list parameter
7/ Run the curl and notice it takes a long time to respond; if you want to check, run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice there is no longer a slowdown
10/ Test in browser and make sure the basket is still sent

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit 2f3f42ba98b698871bc473d65a14b5e89d0ae86c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
opac/opac-sendbasket.pl
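An added illustration of the defensive pattern behind a fix like this one; it is not the commit's own code (the diff is not shown on this page). It assumes a '/'-separated bib_list, a biblio table with biblionumber and title columns, and DBD::SQLite for the in-memory demo.

```perl
#!/usr/bin/perl
# Added example (not Koha's code): reduce the bib_list parameter to
# integer biblionumbers before it reaches SQL, then bind them as
# DBI placeholders so nothing from the request is ever interpolated
# into the query text.
use strict;
use warnings;
use DBI;

# Keep only entries that are positive integers; anything else,
# including an SQL fragment appended to the list, is dropped.
sub sanitize_bib_list {
    my ($bib_list) = @_;
    $bib_list //= '';
    return grep { /^\d+$/ } split m{/}, $bib_list;   # assumed '/' separator
}

# Hardened lookup: validated integers plus one '?' per value.
sub fetch_titles {
    my ( $dbh, $bib_list ) = @_;
    my @bibs = sanitize_bib_list($bib_list);
    return () unless @bibs;
    my $placeholders = join ',', ('?') x @bibs;
    my $sth = $dbh->prepare(
        "SELECT biblionumber, title FROM biblio WHERE biblionumber IN ($placeholders)"
    );
    $sth->execute(@bibs);
    return @{ $sth->fetchall_arrayref( {} ) };
}

# Demo against constructed sample data in an in-memory SQLite table.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 } );
$dbh->do('CREATE TABLE biblio (biblionumber INTEGER PRIMARY KEY, title TEXT)');
$dbh->do(q{INSERT INTO biblio VALUES (1, 'First title'), (2, 'Second title')});

# Constructed input: two valid numbers followed by the kind of fragment
# the test plan above appends to bib_list; the fragment is discarded.
my $input = '1/2/)+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+-';
my @kept = sanitize_bib_list($input);
print "kept: @kept\n";
for my $row ( fetch_titles( $dbh, $input ) ) {
    print "$row->{biblionumber}: $row->{title}\n";
}
```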