[Koha-bugs] [Bug 7620] OPACNoResult, add search string to available parameters
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 23 10:11:25 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7620
Koha Team Lyon 3 <koha at univ-lyon3.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Failed QA |Needs Signoff
--- Comment #6 from Koha Team Lyon 3 <koha at univ-lyon3.fr> ---
Well, I try to see how to proceed with C4::Scrubber and how it had been already
used in other koha scripts like opac-tags.pl but I don't really get how to
adapt it to the present case. However, if it's a question of sanitizing the
$query_kw string before substitution, you 'll note that the regexp used to
extract keywords does it since it keeps only alphanumeric characters (plus -):
To pick your example, it goes like this :
my $query_kw='<script type="text/javascript"
src="http://link/to/evil.js"></script>';
then after theese lines :
my @query_kw=($query_kw=~ /([-\w]+\b)(?:[^,:]|$)/g);
my $query_kw=join('+', at query_kw);
the output to be substituted will be :
my $query_kw='script+type+text+javascript+src+link+to+evil+js+script'
may be, that could do the trick anyway ?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list