[Koha-bugs] [Bug 35072] Invalid usage of "&amp;" in JavaScript intranet-tmpl script redirects

bugzilla-daemon at bugs.koha-community.org
Tue Oct 17 09:57:27 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35072

--- Comment #1 from M <schodkowy.omegi-0r at icloud.com> ---
I see that this issue is actually present in a lot of .pl Perl files on the
server...

All of this needs to be fixed, the escape to `&amp;` can only ever be done
within HTML elements, but it's not even obligatory there either, so it's easier
to just remove it outright. There's no reason to ever enter `&amp;` manually in
URLs!

I dug a tad deeper, and it seems a reverse proxy that we're currently forced to
use does sanitize URLs and so it strips out the invalid parameter entirely, meaning
that anything after "&" is inclusively removed...

I imagine the way it was never noticed and all fixed is because Perl must
handle this issue somewhere internally in case someone makes a malformed
request?
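
The following is an added example, not part of the original comment or of Koha's code. It shows how a standards-following query parser (the WHATWG URL API in Node.js) reads a script-level redirect that still contains `&amp;`, and how to build the URL so that escaping happens only at HTML output. The path, host and parameter names are constructed samples.

```javascript
// Added example: how a standards-compliant parser sees "&amp;" left in a URL
// outside HTML. All paths and parameter names below are constructed samples.

// Return the parameter names a WHATWG URL parser extracts from a URL string.
function paramNames(url) {
  // Dummy base so relative URLs parse; the host is a placeholder.
  return [...new URL(url, "http://koha.example").searchParams.keys()];
}

// Flag parameters whose name starts with "amp;", the signature of an HTML
// entity that was never decoded because the URL was not in HTML context.
function strayEntityParams(url) {
  return paramNames(url).filter((name) => name.startsWith("amp;"));
}

// Build a redirect target from structured data instead of hand-written
// separators; URLSearchParams inserts "&" and percent-encodes values.
function buildRedirect(path, params) {
  const qs = new URLSearchParams(params).toString();
  return qs ? `${path}?${qs}` : path;
}

// Escape for an HTML attribute only at the point of HTML output.
function escapeHtmlAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Constructed sample: a script-level redirect written with an HTML entity.
const broken = "/cgi-bin/sample.pl?id=42&amp;op=edit";
const fixed = buildRedirect("/cgi-bin/sample.pl", { id: "42", op: "edit" });

console.log(paramNames(broken));        // [ 'id', 'amp;op' ]
console.log(strayEntityParams(broken)); // [ 'amp;op' ]
console.log(fixed);                     // /cgi-bin/sample.pl?id=42&op=edit
console.log(escapeHtmlAttr(fixed));     // /cgi-bin/sample.pl?id=42&amp;op=edit
```

A parameter named `amp;op` is not the `op` the application expects, so any intermediary that validates parameter names is free to reject or drop it.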
