From c0cb1f8b0e8aa53707447ee7c27fd15fc0a7b80c Mon Sep 17 00:00:00 2001
From: Fridolyn SOMERS
Date: Mon, 15 Jul 2013 13:00:18 +0200
Subject: [PATCH] Bug 10590 - in opac-topissues limit param is not protected

In opac-topissues page, the limit URL argument is directly added to SQL query.
This patch adds protections : limit must only contain digits and must be lower than 100.

Test plan :
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=10&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=9999&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 100 most cheched-out of all time
- Edit URL to : /cgi-bin/koha/opac-topissues.pl?limit=WHERE&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most cheched-out of all time

Signed-off-by: Robin Sheat
Signed-off-by: Galen Charlton
Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Galen Charlton
(cherry picked from commit 57866d6b67c3f8b29290150f21c71395315a73fe)
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit 5867909f8866b4e68340b88817bfb95f51bc3c9e)
Signed-off-by: Bernardo Gonzalez Kriegel
(cherry picked from commit 5867909f8866b4e68340b88817bfb95f51bc3c9e)
---
 opac/opac-topissues.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/opac/opac-topissues.pl b/opac/opac-topissues.pl
index dfdb6cd86c..bc7dd5f658 100755
--- a/opac/opac-topissues.pl
+++ b/opac/opac-topissues.pl
@@ -52,7 +52,9 @@ my ($template, $borrowernumber, $cookie)
 });
 my $dbh = C4::Context->dbh;
 # Displaying results
-my $limit = $input->param('limit') || 10;
+my $limit = $input->param('limit');
+$limit = 10 unless ($limit && $limit =~ /^\d+$/); # control user input for SQL query
+$limit = 100 if $limit > 100;
 my $branch = $input->param('branch') || '';
 my $itemtype = $input->param('itemtype') || '';
 my $timeLimit = $input->param('timeLimit') || 3;
-- 
2.39.5
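Review bot: The anchors on the new allow-list check are loose: `$` matches before a trailing newline, so a value such as "10\n" passes `/^\d+$/`, and `\d` also matches non-ASCII digits once the parameter has been decoded; the next line's `$limit > 100` then compares a non-numeric string and warns. Tighten it to `$limit = 10 unless ($limit && $limit =~ /\A[0-9]+\z/); # control user input for SQL query` so only an ASCII integer reaches the query. The neighbouring `$branch`, `$itemtype` and `$timeLimit` parameters on the context lines still take raw input with only a `||` default; if they are interpolated into the same SQL (not visible in this hunk) they need an equivalent allow-list, or better, DBI bind placeholders so the values never reach the query text. The enclosing script continues outside the hunk.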