]> git.koha-community.org Git - koha.git/commit
Bug 10590 - in opac-topissues limit param is not protected
authorFridolyn SOMERS <fridolyn.somers@biblibre.com>
Mon, 15 Jul 2013 11:00:18 +0000 (13:00 +0200)
committerGalen Charlton <gmc@esilibrary.com>
Mon, 15 Jul 2013 15:18:24 +0000 (15:18 +0000)
commit57866d6b67c3f8b29290150f21c71395315a73fe
treee10c86d3f34cdecdabed02b0d083ed94afb75e93
parent275f405c8b3920634907e5e1f2ef8ccecf497868
Bug 10590 - in opac-topissues limit param is not protected

In opac-topissues page, the limit URL argument is directly added to SQL query.

This patch adds protections : limit must only contain digits and must be lower than 100.

Test plan :
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=10&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=9999&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 100 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=WHERE&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
opac/opac-topissues.pl