From 71f9e11cc46cd9b7eae8504da69f350acd1f766f Mon Sep 17 00:00:00 2001
From: Jared Camins-Esakov
Date: Mon, 15 Oct 2012 11:45:38 -0400
Subject: [PATCH] Bug 3652: close XSS vulnerabilities on biblionumber and authid

Previously we did not sanitize biblionumber and authids passed in by the user.

To test:
1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a valid biblionumber for the 2).
2) Notice the presence of "2hi" on this page, and also on the ISBD and MARC views.
3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye (substituting a valid authid for the 2).
4) Notice the presence of "2bye" on this page.
3) Apply patch.
4) Notice that "2hi" and "2bye" strings are gone.

Signed-off-by: Chris Cormack
---
 opac/opac-ISBDdetail.pl | 3 ++-
 opac/opac-MARCdetail.pl | 3 ++-
 opac/opac-authoritiesdetail.pl | 7 ++++++-
 opac/opac-detail.pl | 1 +
 opac/opac-showmarc.pl | 1 +
 5 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/opac/opac-ISBDdetail.pl b/opac/opac-ISBDdetail.pl
index c80d41c8c5..304012223c 100755
--- a/opac/opac-ISBDdetail.pl
+++ b/opac/opac-ISBDdetail.pl
@@ -67,7 +67,8 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 }
 );
-my $biblionumber = $query->param('biblionumber');
+my $biblionumber = $query->param('biblionumber') || $query->param('bib');
+$biblionumber = int($biblionumber);
 $template->param( 'AllowOnShelfHolds' => C4::Context->preference('AllowOnShelfHolds') );
 $template->param( 'ItemsIssued' => CountItemsIssued( $biblionumber ) );
diff --git a/opac/opac-MARCdetail.pl b/opac/opac-MARCdetail.pl
index f408cd299b..8053d5c087 100755
--- a/opac/opac-MARCdetail.pl
+++ b/opac/opac-MARCdetail.pl
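Review bot: `int($biblionumber)` on the second added line coerces rather than validates, so the value handed to CountItemsIssued and the template is not guaranteed to be a plain record id: a missing or non-numeric parameter becomes 0 (with an "isn't numeric" or uninitialized-value warning in the error log under `use warnings`), `1e3` becomes 1000, and on most Perl builds a string such as `nan`, `inf` or an overlong digit run comes back as `NaN`, `Inf` or a float like `1e+20`. An anchored check that rejects anything but digits is the stricter form — `unless ( defined $biblionumber && $biblionumber =~ /\A\d+\z/ ) { print $query->redirect("/cgi-bin/koha/errors/404.pl"); exit; }` — reusing the redirect this patch itself adds in opac-authoritiesdetail.pl. The same applies to the `int()` lines in opac-authoritiesdetail.pl, opac-detail.pl and opac-showmarc.pl. Input coercion closes this one path only; whether the template escapes `biblionumber` on output is what stops the next raw parameter from reaching the page the same way, and is worth confirming since the templates are not part of this patch.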
@@ -57,10 +57,11 @@ my $query = new CGI;
 my $dbh = C4::Context->dbh;
-my $biblionumber = $query->param('biblionumber');
+my $biblionumber = $query->param('biblionumber') || $query->param('bib');
 my $itemtype = &GetFrameworkCode($biblionumber);
 my $tagslib = &GetMarcStructure( 0, $itemtype );
 my $biblio = GetBiblioData($biblionumber);
+$biblionumber = $biblio->{biblionumber};
 my $record = GetMarcBiblio($biblionumber, 1);
 if ( ! $record ) {
 print $query->redirect("/cgi-bin/koha/errors/404.pl");
diff --git a/opac/opac-authoritiesdetail.pl b/opac/opac-authoritiesdetail.pl
index 6610dfda5c..236a945038 100755
--- a/opac/opac-authoritiesdetail.pl
+++ b/opac/opac-authoritiesdetail.pl
@@ -52,7 +52,8 @@ my $query = new CGI;
 my $dbh = C4::Context->dbh;
-my $authid = $query->param('authid');
+my $authid = $query->param('authid');
+$authid = int($authid);
 my $authtypecode = &GetAuthTypeCode( $authid );
 my $tagslib = &GetTagsLabels( 1, $authtypecode );
@@ -95,6 +96,10 @@ if (C4::Context->preference("AuthDisplayHierarchy")){
 else {
 $record = GetAuthority( $authid );
 }
+if ( ! $record ) {
+print $query->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
+exit;
+}
 my $count = CountUsage($authid);
 # find the marc field/subfield used in biblio by this authority
diff --git a/opac/opac-detail.pl b/opac/opac-detail.pl
index 21efd86a15..ff43cb9459 100755
--- a/opac/opac-detail.pl
+++ b/opac/opac-detail.pl
@@ -65,6 +65,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 );
 my $biblionumber = $query->param('biblionumber') || $query->param('bib');
+$biblionumber = int($biblionumber);
 my $record = GetMarcBiblio($biblionumber);
 if ( ! $record ) {
diff --git a/opac/opac-showmarc.pl b/opac/opac-showmarc.pl
index 3638f8869d..f06d3cde0b 100755
--- a/opac/opac-showmarc.pl
+++ b/opac/opac-showmarc.pl
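Review bot: The raw `biblionumber`/`bib` value on the first added line is still passed to `GetFrameworkCode` and `GetBiblioData` on the two context lines that follow; it is only replaced by `$biblio->{biblionumber}` on the second added line, so this file alone among the five relies on those two calls (defined outside the hunk) coping with an arbitrary string, and on GetBiblioData returning a hashref for any input — for an unknown id `$biblio` is presumably undef, leaving `$biblionumber` undef at the `GetMarcBiblio` call before the 404 branch catches it. Coercing at the point of entry, as the other four files do, keeps the scripts consistent and removes that dependency: add `$biblionumber = int($biblionumber);` directly after the first added line, and keep the later reassignment if the canonical id from the record is wanted for the template.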
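Review bot: The removed and added `my $authid = $query->param('authid');` lines are textually identical, so that pair is presumably a trailing-whitespace change that makes the hunk look larger than it is; the only substantive change is the `$authid = int($authid);` line, and the hunk reads cleaner as a single insertion. Dropping the no-op pair also keeps `git blame` pointing at the original author for the unchanged line.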
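Review bot: The new `if ( ! $record )` block redirects without recording why, so a request whose `authid` was coerced to 0 by the `int()` call earlier in the file is indistinguishable in the server log from a lookup of a genuinely missing authority, which makes this class of malformed input harder to spot when reviewing logs. A `warn "opac-authoritiesdetail: no authority record for authid=$authid";` before the redirect would give the log a stable line to match on; `$authid` is an integer by then, so the message carries nothing user-controlled. The `if`/`else` that assigns `$record` starts before the hunk.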
@@ -44,6 +44,7 @@ use XML::LibXML;
 my $input = new CGI;
 my $biblionumber = $input->param('id');
+$biblionumber = int($biblionumber);
 my $importid = $input->param('importid');
 my $view = $input->param('viewas') || 'marc';
--
2.39.5
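Review bot: Only `id` is coerced on the added line; `importid` on the next context line is still used raw, and `viewas` two lines down is only defaulted, not checked. If `importid` is a numeric batch id as its name suggests, it needs the same treatment, `$importid = int($importid) if defined $importid;`, and `viewas` should be compared against the set of views this script actually renders before it is used — where that happens is outside the hunk, so this is a pointer rather than a confirmed gap.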