[Bug 3652] XSS vulnerabilities
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652 --- Comment #39 from Jared Camins-Esakov <jcamins@cpbibliography.com> --- (In reply to comment #38)
Comment on attachment 12835 [details] Bug 3652: close XSS vulnerabilities on biblionumber and authid
About this patch, Jared, why do you add || $query->param('bib'); to opac-ISBD|MARCdetail.pl ? I see it's in opac-detail, but it's an oldies and not goodies (in early versions of Koha, biblionumber was sometimes written bib, bn, ... It has been fixed, and I favour removing || $query->param('bib'); from opac-detail.pl, because we must not have param('bib')
I wanted to make sure the behavior was identical, and I figured there must surely be a good reason for the $query->param('bib'). If you wanted to remove the || $query->param('bib') from all three files, I would not object at all. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org