Bug 27961: Ensure external URLs are filtered
TT variables are used to build the link in items.uri . This is a problem
particularly when TrackClicks is enabled because the items.uri value
doesn't get escaped, resulting in a 404.
To test:
1) Enable the TrackClicks system preference (set to Track or Track
anonymously)
2) Find a record with an item
3) Edit the item and put an external URL under the Uniform Resource
Identifier field
4) Go to that record in the OPAC
5) Click on Link to resource
6) Confirm you are not redirected to the URL and instead see a 404
7) Apply the patch and refresh the page
8) Click on Link to resource
9) Confirm you are redirected as expected
10) Go back to the staff client to edit your item. This time put two
URLs in the Uniform Resource Identifier field, separated by ' | '.
(Don't forget the spaces around the pipe, and don't forget to add a
trailing slash to the URL).
11) Go back to the OPAC and refresh the page.
12) Confirm both URLs redirect as expected.
Sponsored-by: Parliamentary Library New Zealand
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit
4a5c946d95fabaa4fcea03e4c456b5ef6197ca44)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
projects / koha.git / commit