https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22836 Bug ID: 22836 Summary: Tests catching XSS vulnerabilities in pagination are not correct Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: ASSIGNED Severity: normal Priority: P5 - low Component: Test Suite Assignee: jonathan.druart@bugs.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org Target Milestone: --- See bug 22478 comments 44 and 45. The tests were added originally to catch XSS vulnerabilities when pagination was used (shelves, reviews, authorities searches, etc.). With one of the QA followup (Handle category in opac-shelves like a boolean) we did not trust the escape by resetting the "category" if not set to 1 or 2. We should rely on the correct filtering instead. However, if one really wants to use this change, we should adapt the tests to catch the correct filtered values (and so do not use unlike), in another area (i.e. not shelves, where we are handling the invalid values differently). I am suggestion to revert those patches, as it is the easiest solution. -- You are receiving this mail because: You are watching all bug changes.