[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection
bugzilla-daemon at bugs.koha-community.org
Fri Nov 25 08:16:06 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
--- Comment #9 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-11-25 07:16:06 UTC ---
About the patch (6403):
- I think we should also remove (or sanitize) $ENV{ HTTP_ACCEPT_LANGUAGE }, as
it is also a user-controlled string.
- the regexp is not accurate (I think):
use s/[^a-zA-Z_-]*//g
instead of s/[^a-zA-Z_-]*//
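
Added example (not part of the original comment or of the Koha patch): a small Perl script that runs the two substitutions quoted in the comment above over constructed language values, to show what the missing /g modifier changes. The function names and sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Substitution as quoted from the patch: no /g modifier.
# The pattern is applied once, at the first position where it can match.
# Because of the '*' quantifier it can match the empty string, so a value
# that begins with an allowed character is returned unchanged.
sub strip_once {
    my ($lang) = @_;
    $lang =~ s/[^a-zA-Z_-]*//;
    return $lang;
}

# Substitution suggested in the comment: /g repeats the replacement over
# the whole string, so every run of disallowed characters is removed.
sub strip_all {
    my ($lang) = @_;
    $lang =~ s/[^a-zA-Z_-]*//g;
    return $lang;
}

# Constructed sample values (not taken from the bug report).
my @samples = ('fr-FR', '../fr-FR', 'en/../x', 'en;q=0.8');

printf "%-12s %-12s %-12s\n", 'input', 'without /g', 'with /g';
for my $value (@samples) {
    printf "%-12s %-12s %-12s\n",
        $value, strip_once($value), strip_all($value);
}
```

Only the /g form leaves nothing but the characters a-z, A-Z, "_" and "-" in every row; the same filter would apply to a value read from $ENV{ HTTP_ACCEPT_LANGUAGE }.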