git.koha-community.org Git - koha.git/commit
Bug 37464: Validate "type" sent to barcode/svc
author David Cook <dcook@prosentient.com.au>
Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)
committer Katrin Fischer <katrin.fischer@bsz-bw.de>
Fri, 16 Aug 2024 14:22:21 +0000 (16:22 +0200)
commit 623e1c59124542dd3c399231a4786c82e19c337c
tree dcca553409cbe153eb8cef8137d33128057a16cb
parent 751e72dfda14ec6b608b0bab2265935483301bf8
Bug 37464: Validate "type" sent to barcode/svc

This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 73b0c3cf621250008845f22f7a36f90a48e00b06)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
svc/barcode
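
The kind of check the commit message describes, as an added example (not the patch itself and not Koha's code): the request's "type" is matched against a fixed allowlist before it can reach a library that evaluates it, and anything else falls back to Code39 as in step 3 of the test plan. The helper name `validated_barcode_type` is hypothetical, and the allowlist is an assumption based on the symbology names in the GD::Barcode distribution.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed allowlist: symbology names from the GD::Barcode distribution.
# The set Koha actually accepts is not shown on this page.
my %ALLOWED_TYPE = map { $_ => 1 } qw(
    COOP2of5 Code39 EAN13 EAN8 IATA2of5 Industrial2of5
    ITF Matrix2of5 NW7 QRcode UPCA UPCE
);

# Fallback for anything not on the list (test plan step 3 expects Code39).
my $DEFAULT_TYPE = 'Code39';

# Hypothetical helper: returns a value that is always one of the allowlisted
# names, so the caller never forwards raw request input to the library.
sub validated_barcode_type {
    my ($type) = @_;

    # Missing parameter or a non-scalar value: use the default.
    return $DEFAULT_TYPE unless defined $type && !ref $type;

    # exists() on a hash is an exact, case-sensitive string comparison.
    # A pattern such as /^\w+$/ would be weaker: "$" also matches before a
    # trailing newline, and it would accept names that are not real types.
    return exists $ALLOWED_TYPE{$type} ? $type : $DEFAULT_TYPE;
}

# Constructed sample inputs covering the test plan plus edge cases.
my @samples = ( 'Code39', 'UPCE', 'bad', 'code39', 'Code39::x', "UPCE\n", '', undef );

for my $input (@samples) {
    my $shown = defined $input ? $input : '(undef)';
    $shown =~ s/\n/\\n/g;    # make the trailing newline visible in output
    printf "%-12s -> %s\n", "'$shown'", validated_barcode_type($input);
}
```

Only `Code39` and `UPCE` come back unchanged; every other sample input maps to the default.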