[Koha-bugs] [Bug 3652] XSS vulnerabilities
bugzilla-daemon at bugs.koha-community.org
Wed Oct 17 17:41:42 CEST 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
--- Comment #38 from Paul Poulain <paul.poulain at biblibre.com> ---
Comment on attachment 12835
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12835
Bug 3652: close XSS vulnerabilities on biblionumber and authid
About this patch, Jared, why do you add
|| $query->param('bib');
to opac-ISBD|MARCdetail.pl?
I see it's in opac-detail, but it's an oldie and not a goodie (in early
versions of Koha, biblionumber was sometimes written bib, bn, ...). It has been
fixed, and I favour removing
|| $query->param('bib');
from opac-detail.pl, because we must not have param('bib').