[Koha-bugs] [Bug 3652] XSS vulnerabilities

bugzilla-daemon at bugs.koha-community.org
Wed Oct 17 17:50:15 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652

--- Comment #39 from Jared Camins-Esakov <jcamins at cpbibliography.com> ---
(In reply to comment #38)
> Comment on attachment 12835
> Bug 3652: close XSS vulnerabilities on biblionumber and authid
> 
> About this patch, Jared, why do you add
>  || $query->param('bib');
> to opac-ISBD|MARCdetail.pl ?
> I see it's in opac-detail, but it's an oldie and not a goodie (in early
> versions of Koha, biblionumber was sometimes written bib, bn, ...). It has
> been fixed, and I favour removing
>  ||  $query->param('bib');
> from opac-detail.pl, because we must not have param('bib').

I wanted to make sure the behavior was identical, and I figured there must
surely be a good reason for the $query->param('bib'). If you wanted to remove
the || $query->param('bib') from all three files, I would not object at all.
