[Koha-bugs] [Bug 35072] Invalid usage of "&amp;" in JavaScript intranet-tmpl script redirects
bugzilla-daemon at bugs.koha-community.org
Tue Oct 17 09:57:27 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35072
--- Comment #1 from M <schodkowy.omegi-0r at icloud.com> ---
I see that this issue is actually present in a lot of .pl Perl files on the
server...
All of this needs to be fixed, the escape to `&amp;` can only ever be done
within HTML elements, but it's not even obligatory there either, so it's easier
to just remove it outright. There's no reason to ever enter `&amp;` manually in
URLs!
I dug a tad deeper, and it seems a reverse proxy that we're currently forced to
use does sanitize URLs and so it strips out the invalid parameter entirely, meaning
that anything after "&" is inclusively removed...
I imagine the way it was never noticed and all fixed is because Perl must
handle this issue somewhere internally in case someone makes a malformed
request?
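The behaviour discussed in the comment above, as an added example that is not part of the original message or of Koha's code: a URL assigned from script never passes through an HTML parser, so `&amp;` stays literal and the parameter name arrives as `amp;id`. The paths, the sample script and the function names are constructed for illustration.

```javascript
// Return the parameter names a server (or a sanitizing proxy) sees for a URL.
// The base URL is only there so that relative paths can be parsed.
function paramNames(url) {
  return [...new URL(url, "http://localhost").searchParams.keys()];
}

// A name beginning with "amp;" is the signature of an HTML entity that was
// never decoded, because the string was used from script, not from markup.
function mangledNames(url) {
  return paramNames(url).filter((name) => name.startsWith("amp;"));
}

// Scan script source for quoted strings whose query string contains "&amp;".
// Returns one record per hit: line number, the URL, and the mangled names.
function findEscapedUrls(source) {
  const hits = [];
  source.split("\n").forEach((line, i) => {
    const re = /(["'])([^"']*\?[^"']*&amp;[^"']*)\1/g;
    for (const m of line.matchAll(re)) {
      hits.push({ line: i + 1, url: m[2], mangled: mangledNames(m[2]) });
    }
  });
  return hits;
}

// Constructed sample script (hypothetical paths, not taken from Koha).
const SAMPLE = [
  'window.location = "/example.pl?op=edit&amp;id=5";',
  'window.location = "/example.pl?op=edit&id=5";',
].join("\n");

// The escaped form yields the names "op" and "amp;id"; the plain form "op" and "id".
console.log(paramNames("/example.pl?op=edit&amp;id=5"));
console.log(paramNames("/example.pl?op=edit&id=5"));
console.log(findEscapedUrls(SAMPLE));
```
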