[Koha-bugs] [Bug 11322] Suggestion "notes" field should be sanitized or escaped

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Dec 3 21:10:05 CET 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11322

--- Comment #14 from Chris Cormack <chris at bigballofwax.co.nz> ---
(In reply to Jacek Ablewicz from comment #13)
> Works as described for me too, thanks!
> 
> On related subject, I think we may have some similar problems with
> patron-submitted data in other places as well, e.g.: as a test I just
> submitted "personal data" update request from OPAC via
> opac/opac-memberentry.pl, with JS code in 'Address 2' field, and injected
> script seems to work in members/members-update.pl. But I guess it would be
> better to assign separate bug numbers for such further issues (if any)?

Yep, new bug on any others you find. I checked reviews/comments and tags, they
are ok. But I'm prepared to believe member update isn't.
At least with that you have to be logged in, so not quite as bad as the
suggestions (which could be done without login if the syspref was set that way)


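As an added illustration of the escaping problem this thread is about (example code written for this page, not Koha's own templates or scripts): Koha's staff interface is rendered with Template Toolkit, and the difference between a stored-XSS sink and a safe one is whether a patron-supplied value is interpolated raw (`[% notes %]`) or through the `html` filter (`[% notes | html %]`). The `<td>` snippet, the `notes` variable name and the sample payload below are hypothetical stand-ins for a suggestion note or an OPAC "Address 2" value; the only real API used is the Template module itself.

```perl
#!/usr/bin/perl
# Added illustration, not Koha's own code: the template snippet, the
# variable name and the sample payload are hypothetical.
use strict;
use warnings;
use Template;

# Constructed sample of patron-submitted input, as a patron could type it
# into a suggestion note or an OPAC personal-details field.
my $patron_input = q{Please buy this! <script>alert(document.cookie)</script>};

# A staff-interface template that interpolates the value raw: the markup
# the patron typed becomes part of the page, so the script runs in the
# staff member's browser when the page is viewed (stored XSS).
my $unescaped_template = q{<td class="notes">[% notes %]</td>};

# The same template with Template Toolkit's built-in html filter, which
# turns <, >, & and " into entities so the text is displayed, not parsed.
my $escaped_template = q{<td class="notes">[% notes | html %]</td>};

# Render a template string with the given variables and return the HTML.
sub render {
    my ( $template, $vars ) = @_;
    my $tt = Template->new() or die Template->error();
    my $output = '';
    $tt->process( \$template, $vars, \$output ) or die $tt->error();
    return $output;
}

# Crude stand-in for "would a browser see a script element here": a literal
# <script tag surviving into the output means the payload is still live.
sub contains_live_script {
    my ($html) = @_;
    return $html =~ /<script\b/i ? 1 : 0;
}

my $vars = { notes => $patron_input };

my $unsafe = render( $unescaped_template, $vars );
my $safe   = render( $escaped_template,   $vars );

print "Unescaped: $unsafe\n";
print "  live script? ", ( contains_live_script($unsafe) ? "yes" : "no" ), "\n";
print "Escaped:   $safe\n";
print "  live script? ", ( contains_live_script($safe) ? "yes" : "no" ), "\n";
```

Run it with a Perl that has the Template module installed (Koha already depends on it). The first render keeps the `<script>` element verbatim, so the check reports it as live; the second render turns it into `&lt;script&gt;...&lt;/script&gt;`, which the browser shows as text. Escaping at output time in the template is the check to apply to every patron-supplied field shown in the staff interface, whether or not the input was "sanitized" on the way in, because the same stored value can be rendered in more than one place.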