[Koha-bugs] [Bug 6629] [security] insecure use of Cookie for language selection
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sun Nov 27 09:47:10 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
--- Comment #26 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-11-27 08:47:10 UTC ---
In installer, there are another script that use cookie directly:
installer/install.pl on line 268 and 231.
On line 267-268:
> my $langchoice = $query->param('fwklanguage');
> $langchoice = $query->cookie('KohaOpacLanguage') unless ($langchoice);
(fwklanguage is also used without sanitization).
On line 230-231, it is a duplicated code of previous, but I don't not if it is
possible to exploit here (language not used for template inclusion).
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list