git.koha-community.org Git - koha.git/commit
Bug 3652: close XSS vulnerabilities on biblionumber and authid
author    Jared Camins-Esakov <jcamins@cpbibliography.com>
          Mon, 15 Oct 2012 15:45:38 +0000 (11:45 -0400)
committer Jared Camins-Esakov <jcamins@cpbibliography.com>
          Mon, 22 Oct 2012 20:35:11 +0000 (16:35 -0400)
commit    71f9e11cc46cd9b7eae8504da69f350acd1f766f
tree      5ddc0fe19e6fb3665a5592f1f3ebcd4129f43ea0
parent    89e8607a7fa5154af9083d56556c4b95d7a2325b
Bug 3652: close XSS vulnerabilities on biblionumber and authid

Previously we did not sanitize biblionumber and authids passed in by
the user.

To test:
1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a
   valid biblionumber for the 2).
2) Notice the presence of "2hi" on this page, and also on the ISBD and
   MARC views.
3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye
   (substituting a valid authid for the 2).
4) Notice the presence of "2bye" on this page.
5) Apply patch.
6) Notice that "2hi" and "2bye" strings are gone.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
opac/opac-ISBDdetail.pl
opac/opac-MARCdetail.pl
opac/opac-authoritiesdetail.pl
opac/opac-detail.pl
opac/opac-showmarc.pl