[Bug 22478] Cross-site scripting vulnerability in paginations
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22478 --- Comment #50 from Nick Clemens <nick@bywatersolutions.com> --- (In reply to Jonathan Druart from comment #45)
(In reply to Martin Renvoize from comment #43)
Created attachment 89009 [details] [review] [review] Bug 22478: (QA follow-up) Update tests to check for any script tags
I do not think these tests are correct. We want to test that the variable are correctly escaped, not that a specific script (opac-shelves) will replace an invalid value with a correct one (everything != 1 or 2 will be 2)
Please file a follow-up if you think we need to fix this Jonathan, patches were pushed to stable and so master followed. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org