[Koha-bugs] [Bug 5131] XSS vulnerability in the OPAC search results interface

bugzilla-daemon at bugs.koha-community.org
Wed Jul 27 23:16:41 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5131

Chris Cormack <chris at bigballofwax.co.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #4753|0                           |1
        is obsolete|                            |

--- Comment #4 from Chris Cormack <chris at bigballofwax.co.nz> 2011-07-27 21:16:41 UTC ---
Created attachment 4759
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4759
Bug 5131: restrict use of sort_by value to allowed values

The user input for sort_by value was used without care, resulting in the
possibility for a user to set any Template Variable to 1.

This patch restricts the values to sort fields.
The list of allowd_sortby was taken from 'includes/resort_form.inc'.

Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>

-- 
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
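
The change described in the commit message above, sketched as an added example; this is not Koha's code or the attached patch. The plain hash standing in for template parameters, the function names, the sort values, the `some_other_flag` name and the fallback to `relevance` are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allowlist for illustration; the patch takes its list from
# 'includes/resort_form.inc', which is not reproduced on this page.
my %ALLOWED_SORTBY = map { $_ => 1 } qw(
    relevance title_az title_za author_az author_za pubdate_asc pubdate_dsc
);

# Before: the request value is used as a template variable name as-is, so
# the client decides which variable in the template gets set to 1.
sub set_sort_flag_unchecked {
    my ( $params, $sort_by ) = @_;
    $params->{$sort_by} = 1 if defined $sort_by;
    return $params;
}

# After: only an exact match against a known sort field may name a template
# variable; anything else is dropped and the (assumed) default is used.
sub set_sort_flag_checked {
    my ( $params, $sort_by ) = @_;
    if ( defined $sort_by && !ref $sort_by && $ALLOWED_SORTBY{$sort_by} ) {
        $params->{$sort_by} = 1;
    }
    else {
        $params->{relevance} = 1;
    }
    return $params;
}

# Constructed inputs: a legitimate sort field, and a value that names an
# unrelated, hypothetical template variable.
for my $input ( 'title_az', 'some_other_flag' ) {
    my $before = set_sort_flag_unchecked( {}, $input );
    my $after  = set_sort_flag_checked( {}, $input );
    printf "%-16s unchecked sets: %-16s checked sets: %s\n",
        $input,
        join( ',', sort keys %$before ),
        join( ',', sort keys %$after );
}
```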

