[Koha-bugs] [Bug 2847] Use HTML escape in templates where appropriate
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 23 12:26:44 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=2847
--- Comment #5 from Paul Poulain <paul.poulain at biblibre.com> 2011-11-23 11:26:44 UTC ---
is it just a problem on 3.4 ? it's OK for 3.6 ?
In this case, I think we can stay without this fix in 3.4 : it's a security
issue, I agree, but:
* it's staff related, so, to exploit such a bug, one would first need to have a
valid login, so, the risk is low according to me.
* 3.4 EOL is probably close
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the Koha-bugs
mailing list