[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection

Fri Nov 25 19:16:25 CET 2011

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629

--- Comment #18 from Chris Cormack <chris at bigballofwax.co.nz> 2011-11-25 18:16:25 UTC ---
The patch as its stands prevents file traversal, you could only read a file in
the current dir with it, but yes you are right g is better. It turns out master
and 3.6 are not vulnerable anyway, as if the value of $lang does not match a
valid lanuage, it is made undef.

So I will do new patches for 3.2.x and 3.4.x

So to be clear on 3.4.6 and lower are vulnerable. 3.6.0 and master are not.

-- 
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are watching all bug changes.