From c9f785184c3a094eff08d6925a8a62b2fa003a50 Mon Sep 17 00:00:00 2001
From: Chris Cormack
Date: Mon, 13 May 2024 02:26:13 +0000
Subject: [PATCH] Bug 36520: Sanitize input in opac-sendbasket.pl
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Amit Gupta
Signed-off-by: Martin Renvoize
Signed-off-by: Victor Grousset/tuxayo
Signed-off-by: Marcel de Rooy
(cherry picked from commit 2f3f42ba98b698871bc473d65a14b5e89d0ae86c)
Signed-off-by: Frédéric Demians
---
 opac/opac-sendbasket.pl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/opac/opac-sendbasket.pl b/opac/opac-sendbasket.pl
index 278cfd34a6..c046b20120 100755
--- a/opac/opac-sendbasket.pl
+++ b/opac/opac-sendbasket.pl
@@ -73,9 +73,10 @@ if ( $email_add ) {
 foreach my $biblionumber (@bibs) {
 $template2->param( biblionumber => $biblionumber );
- my $biblio = Koha::Biblios->find( $biblionumber ) or next;
- my $dat = $biblio->unblessed;
- my $record = $biblio->metadata->record(
+ $biblionumber = int($biblionumber);
+ my $biblio = Koha::Biblios->find( $biblionumber ) or next;
+ my $dat = $biblio->unblessed;
+ my $record = $biblio->metadata->record(
 {
 embed_items => 1,
 opac => 1,
-- 
2.39.5
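Review bot: The new `$biblionumber = int($biblionumber);` line is placed after `$template2->param( biblionumber => $biblionumber );`, so the template still receives the raw request value for that iteration; moving the coercion above the param call sanitizes the value before its first use. `int()` also accepts partially numeric input rather than rejecting it (`int('12abc')` yields 12 and emits an "isn't numeric" warning, while a wholly non-numeric string becomes 0), so an anchored check such as `next unless $biblionumber =~ /\A\d+\z/;` would discard malformed ids outright and keep the warning noise out of the logs. Because `foreach my $biblionumber (@bibs)` aliases the loop variable to the array element, the assignment writes the coerced value back into `@bibs`; if `@bibs` is read again after the loop, that side effect deserves a comment, e.g. `# NOTE: aliased loop var — this also rewrites @bibs in place`. The foreach body and the enclosing `if ( $email_add )` block continue outside the hunk.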