[Koha-bugs] [Bug 5131] XSS vulnerability in the OPAC search results interface
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Jul 27 13:19:39 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5131
--- Comment #3 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-07-27 11:19:39 UTC ---
Created attachment 4753
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4753
proposed patch
I take the list of possible values for $sort_by parameter in
'koha-tmpl/opac-tmpl/prog/en/includes/resort_form.inc' (the select/options used
for display "sort by" select), build a list with, and check the $sport_by value
against.
So only values from this list are allowed to be setted.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the Koha-bugs
mailing list