[Koha-bugs] [Bug 33734] Using custom search filters breaks diacritics characters in search term

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Sep 13 04:22:45 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33734

--- Comment #11 from David Cook <dcook at prosentient.com.au> ---
(In reply to David Cook from comment #9)
> Definitely don't want to be using the "raw" filter there.

Actually, I'm wrong. We do want to be using the "raw" filter here, because the
URL is already encoded.

However, Ville makes a couple of mistakes in their patch. 

First, we should escape search_filter.id for completeness even though it's
system generated.

Second, we need to escape search_filter.name since that is user generated and
could cause XSS if it's not HTML escaped.

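The two points in the comment above, as an added example that is not part of the original message and is not Koha's code. Python's standard library stands in for the template filters; the `/search` path, the `filter_id` parameter name and all sample values are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed sample data (not taken from the bug report).
SEARCH_TERM = "élève"
ENCODED_QUERY = "q=" + quote(SEARCH_TERM)    # already percent-encoded upstream
HOSTILE_NAME = "<script>alert(1)</script>"   # user-supplied filter name
FILTER_ID = 7                                # system-generated id


def emit_query(encoded_query, mode):
    """Model the filter applied to a query string that is already encoded."""
    if mode == "raw":
        return encoded_query                  # emit unchanged
    if mode == "uri":
        # Encoding a second time turns every '%' into '%25'.
        return quote(encoded_query, safe="=&")
    raise ValueError("unknown mode: " + mode)


def term_seen_by_server(query):
    """Decode once, as the receiving side does, and return the q value."""
    return parse_qs(query)["q"][0]


def render_link(encoded_query, filter_id, filter_name):
    """Escape each value for the context it lands in (hypothetical markup)."""
    href = "/search?{}&amp;filter_id={}".format(
        emit_query(encoded_query, "raw"),     # URL part: already encoded
        quote(str(filter_id), safe=""),       # id: escaped for completeness
    )
    # Name is user generated, so it is HTML-escaped before reaching the page.
    return '<a href="{}">{}</a>'.format(href, html.escape(filter_name))


if __name__ == "__main__":
    print(term_seen_by_server(emit_query(ENCODED_QUERY, "raw")))
    print(term_seen_by_server(emit_query(ENCODED_QUERY, "uri")))
    print(render_link(ENCODED_QUERY, FILTER_ID, HOSTILE_NAME))
```
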