[Koha-bugs] [Bug 17989] Stricter control on source directory for html templates
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 30 11:45:13 CET 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17989
--- Comment #35 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jonathan Druart from comment #32)
> Comment on attachment 68671 [details] [review]
> Bug 17989: Final changes
>
> Review of attachment 68671 [details] [review]:
> -----------------------------------------------------------------
>
> ::: svc/members/search
> @@ +28,5 @@
> > use Koha::Patrons;
> >
> > my $input = new CGI;
> > +my $template_path = $input->param('template_path');
> > +if( !$template_path || $template_path =~ /^\/|\.\./ ) {
>
> Why do we need to check that here? It is already checked in badtemplatecheck.
No, it is not needed. Removed it.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list