[Koha-bugs] [Bug 9411] Multiple uses of javascript eval on ajax responses in acq.js

bugzilla-daemon at bugs.koha-community.org
Thu Jan 17 04:49:49 CET 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9411

--- Comment #3 from Hugh Davenport <hugh at davenport.net.nz> ---
Created attachment 14648
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14648&action=edit
bug 9411 Fix javascript evals to use parseInt and parseFloat

The acq.js file used evals to parse the return text of ajax queries
to determine what result to return. This is a bad thing, and can
potentially cause security risks.

This patch converts those eval calls to parseInt and parseFloat
calls.

Note: This patch depends on the patch in bug 4437 so there are no
conflicts.

Signed-off-by: Hugh Davenport <hugh at davenport.net.nz>

-- 
You are receiving this mail because:
You are watching all bug changes.
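
The change described in the comment above, sketched as an added example. It is not code from Koha's acq.js or from the attached patch; the function names and response strings are hypothetical and constructed for illustration. It goes one step beyond the patch description by validating the whole response before calling parseInt/parseFloat, since those functions accept trailing junk.

```javascript
// Added example; names and sample responses are constructed, not Koha's.

// Before: the ajax response body is executed as code, so anything that can
// influence the response runs in the page with the user's session.
function parseWithEval(responseText) {
  return eval(responseText); // unsafe pattern, kept only for comparison
}

// After: the body is treated as data. parseInt("12abc", 10) returns 12,
// so the full string is checked first (assumption: plain decimal numbers).
const INT_RE = /^[+-]?\d+$/;
const FLOAT_RE = /^[+-]?(\d+\.?\d*|\.\d+)$/;

function parseIntResponse(responseText) {
  const text = String(responseText).trim();
  return INT_RE.test(text) ? parseInt(text, 10) : NaN;
}

function parseFloatResponse(responseText) {
  const text = String(responseText).trim();
  return FLOAT_RE.test(text) ? parseFloat(text) : NaN;
}

// Constructed response that is not a number: eval runs it, the parsers
// reject it. The "payload" only sets a flag so the effect is observable.
const NON_NUMERIC_RESPONSE = "globalThis.__evalRan = true; 1";

function evalRunsResponse() {
  globalThis.__evalRan = false;
  parseWithEval(NON_NUMERIC_RESPONSE);
  return globalThis.__evalRan;
}

function parserRunsResponse() {
  globalThis.__evalRan = false;
  const value = parseIntResponse(NON_NUMERIC_RESPONSE);
  return { ran: globalThis.__evalRan, value };
}
```

Callers should treat a NaN result as a failed request rather than as zero.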