26 Apr
2022
26 Apr
'22
1:52 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27546 --- Comment #23 from David Cook <dcook@prosentient.com.au> --- (In reply to Fridolin Somers from comment #22)
+ window.location.href = "/cgi-bin/koha/catalogue/search.pl?[% query_cgi | $raw %]&[% limit_cgi | $raw %]&[% sort_cgi | $raw %]&limit="+index+$("#refiner").val(); Arf we must URI-espace $("#refiner").val() no ?
100% needs an escape_str() there to prevent XSS. Great catch, Frido! -- You are receiving this mail because: You are watching all bug changes.