http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015 Paul Poulain <paul.poulain@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #129 from Paul Poulain <paul.poulain@biblibre.com> --- (In reply to Jared Camins-Esakov from comment #128)
This is not a minor violation. As far as I can tell, there is unsanitized user input being run directly. Consider the following code: <snip> I was unable to test this example, since I couldn't get MARC modification templates to work during a cursory test, but I'm sure you see my point.
I hadn't checked what the eval was related to, I assumed it was safe. I agree with your point : failed QA, this could probably be exploited. Jared, would you be pleased if the parameters where sanitized, even if the eval is still here ? -- You are receiving this mail because: You are watching all bug changes.