[Bug 15771] New: CGI::escapeHTML should not be used anymore
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Bug ID: 15771 Summary: CGI::escapeHTML should not be used anymore Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: ASSIGNED Severity: normal Priority: P5 - low Component: System Administration Assignee: jonathan.druart@bugs.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com Depends on: 13618 In admin/auth_subfields_structure.pl, admin/marc_subfields_structure.pl and catalogue/image.pl, the pl script escapes html characters. Since bug 13618 has been pushed, this method should not be used anymore. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618 [Bug 13618] Prevent XSS in the Staff Client and the OPAC -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 --- Comment #1 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 47813 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=47813&action=edit Bug 15771: Do not use CGI::escapeHTML anymore In admin/auth_subfields_structure.pl, admin/marc_subfields_structure.pl and catalogue/image.pl, the pl script escapes html characters. Since bug 13618 has been pushed, this method should not be used anymore. Test plan: 1/ Edit a framework (biblio and authority) 2/ In the "text for librarian" input, fill "test'apostrophe" 3/ Save 4/ Edit subfields => Without this patch, the ' is displayed escaped => With this patch, everything is fine -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |15773 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15773 [Bug 15773] Checkboxes does not work correctly when creating a new subfield for an authority framework -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |15754 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15754 [Bug 15754] html tags displayed when editing frameworks -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Héctor Eduardo Castro Avalos <hector.hecaxmmx@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 --- Comment #2 from Héctor Eduardo Castro Avalos <hector.hecaxmmx@gmail.com> --- Created attachment 47822 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=47822&action=edit [SIGNED-OFF]Bug 15771: Do not use CGI::escapeHTML anymore In admin/auth_subfields_structure.pl, admin/marc_subfields_structure.pl and catalogue/image.pl, the pl script escapes html characters. Since bug 13618 has been pushed, this method should not be used anymore. Test plan: 1/ Edit a framework (biblio and authority) 2/ In the "text for librarian" input, fill "test'apostrophe" 3/ Save 4/ Edit subfields => Without this patch, the ' is displayed escaped => With this patch, everything is fine Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com> Works as advertised -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Héctor Eduardo Castro Avalos <hector.hecaxmmx@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hector.hecaxmmx@gmail.com Attachment #47813|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #3 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Need to change status of this report after reverting 13618 ? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |BLOCKED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|15773 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15773 [Bug 15773] Checkboxes does not work correctly when creating a new subfield for an authority framework -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|BLOCKED |RESOLVED Depends on|13618 | See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=13618 --- Comment #4 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Occurrences of CGI::escapeHTML have been removed by bug 15773. *** This bug has been marked as a duplicate of bug 15773 *** Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618 [Bug 13618] Prevent XSS in the Staff Client and the OPAC -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15771 Bug 15771 depends on bug 15754, which changed state. Bug 15754 Summary: html tags displayed when editing frameworks https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15754 What |Removed |Added ---------------------------------------------------------------------------- Status|BLOCKED |CLOSED Resolution|--- |INVALID -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org