[Koha-bugs] [Bug 22836] New: Tests catching XSS vulnerabilities in pagination are not correct
bugzilla-daemon at bugs.koha-community.org
Fri May 3 03:04:13 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22836
Bug ID: 22836
Summary: Tests catching XSS vulnerabilities in pagination are not correct
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: ASSIGNED
Severity: normal
Priority: P5 - low
Component: Test Suite
Assignee: jonathan.druart at bugs.koha-community.org
Reporter: jonathan.druart at bugs.koha-community.org
QA Contact: testopia at bugs.koha-community.org
Target Milestone: ---
See bug 22478 comments 44 and 45.
The tests were added originally to catch XSS vulnerabilities when pagination
was used (shelves, reviews, authorities searches, etc.).
With one of the QA followups (Handle category in opac-shelves like a boolean) we
did not trust the escape by resetting the "category" if not set to 1 or 2. We
should rely on the correct filtering instead.
However, if one really wants to use this change, we should adapt the tests to
catch the correct filtered values (and so do not use unlike), in another area
(i.e. not shelves, where we are handling the invalid values differently).
I am suggesting to revert those patches, as it is the easiest solution.
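An added illustration of the testing point above, not Koha's code: a stand-in pagination renderer (hypothetical names, constructed payload) shows that an unlike-style check passes both when the value is correctly escaped and when it is simply dropped, while asserting on the escaped form actually verifies that filtering happened.

```python
import html

# Constructed stand-in for a pagination template that carries a user-supplied
# filter value into the "next page" link (hypothetical; not Koha's template).
def render_pagination(category, page, escape=True):
    value = html.escape(category, quote=True) if escape else category
    return f'<a href="?category={value}&page={page + 1}">Next</a>'

# Variant mirroring a "reset if not 1 or 2" approach: the payload never
# reaches the output, so nothing about escaping is exercised.
def render_pagination_reset(category, page):
    if category not in ("1", "2"):
        category = ""
    return f'<a href="?category={category}&page={page + 1}">Next</a>'

# Constructed probe value; its escaped form is what a correct filter emits.
PAYLOAD = '"><script>alert(1)</script>'
ESCAPED = html.escape(PAYLOAD, quote=True)

def unlike_check(output):
    # Only asserts the raw payload is absent (an "unlike" style test).
    return PAYLOAD not in output

def like_check(output):
    # Asserts the correctly filtered value is present (a "like" style test).
    return ESCAPED in output

def compare_checks():
    """Return (unlike, like) verdicts for escaped, unescaped and reset output."""
    escaped = render_pagination(PAYLOAD, 1, escape=True)
    raw = render_pagination(PAYLOAD, 1, escape=False)
    reset = render_pagination_reset(PAYLOAD, 1)
    return {
        "escaped": (unlike_check(escaped), like_check(escaped)),
        "unescaped": (unlike_check(raw), like_check(raw)),
        "reset": (unlike_check(reset), like_check(reset)),
    }

if __name__ == "__main__":
    for name, verdict in compare_checks().items():
        print(f"{name}: unlike={verdict[0]} like={verdict[1]}")
```

The "reset" row is the case the bug describes: the unlike-style test is green even though the escaping path was never exercised, whereas the like-style test only passes when the filtered value really appears in the output.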