Bug 36244: Do template toolkit processing first
author Andreas Jonsson <andreas.jonsson@kreablo.se>
Thu, 7 Mar 2024 09:12:25 +0000 (09:12 +0000)
committer Frédéric Demians <f.demians@tamil.fr>
Tue, 19 Mar 2024 07:12:21 +0000 (08:12 +0100)
commit dfcdc322e978910fa165e1d3d1be2742c6198b02
tree adb30f4358cc75a372b2bbd033ff9a9db17eba68
parent ae48106422e333ea89c16daa57e20bba11063fa1
Bug 36244: Do template toolkit processing first

To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.

Test plan:

* review subtest 'Template toolkit syntax in
  parameters' in t/db_dependent/Letters.t
* Run the unit test:
  prove t/db_dependent/Letters.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 07ac3b0b9450f812bb48cfecf7bf3f47f63279b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 20353e094a952f506b9be7f21740e1001fbdeb69)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
C4/Letters.pm
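
The ordering issue named in the commit message, as an added example (not code from this commit or from C4/Letters.pm): it runs Template Toolkit before and after substituting a database field into a notice. The `<<field>>` placeholder format, the helper names `substitute_fields` and `process_tt`, and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample data: a trusted notice template and a database row whose
# field is controlled by an untrusted source and carries a harmless TT directive.
my $notice = 'Dear <<name>>, you have [% count %] item(s) due.';
my %row    = ( name => '[% 6 * 7 %]' );
my %vars   = ( count => 2 );

# Hypothetical helper: replace <<field>> placeholders with row values.
sub substitute_fields {
    my ( $text, $row ) = @_;
    $text =~ s/<<(\w+)>>/$row->{$1} \/\/ ''/ge;
    return $text;
}

# Hypothetical helper: run Template Toolkit over a string and return the output.
sub process_tt {
    my ( $text, $vars ) = @_;
    my $tt = Template->new or die Template->error;
    my $out = '';
    $tt->process( \$text, $vars, \$out ) or die $tt->error;
    return $out;
}

# Substitution first: the field value becomes part of the template source,
# so TT evaluates the directive that came from the database.
my $subst_first = process_tt( substitute_fields( $notice, \%row ), \%vars );

# TT first: only the trusted template is parsed; the field value is inserted
# afterwards as inert text and is never seen by the TT parser.
my $tt_first = substitute_fields( process_tt( $notice, \%vars ), \%row );

print "substitution first: $subst_first\n";
print "TT first:           $tt_first\n";
```

With substitution first, the directive stored in the field is evaluated by Template Toolkit; with Template Toolkit first, the same value appears in the notice as literal text.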