From e75dc18424ba5905b79dd2c92e91ba2c8f4ecfed Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 5 Jun 2019 18:40:54 -0500 Subject: [PATCH] Bug 23058: Prevent XSS vulnerabiliies when 'tag' is passed to opac-search Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer Signed-off-by: Martin Renvoize --- opac/opac-search.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/opac/opac-search.pl b/opac/opac-search.pl index c39ad59b68..84714a6024 100755 --- a/opac/opac-search.pl +++ b/opac/opac-search.pl @@ -607,7 +607,7 @@ my $results_hashref; my @coins; if ($tag) { - $query_cgi = "tag=" .$tag . "&" . $query_cgi; + $query_cgi = "tag=" . uri_escape_utf8( $tag ) . "&" . $query_cgi; my $taglist = get_tags({term=>$tag, approved=>1}); $results_hashref->{biblioserver}->{hits} = scalar (@$taglist); my @marclist = map { C4::Biblio::GetXmlBiblio( $_->{biblionumber} ) } @$taglist; -- 2.39.5