[Koha-bugs] [Bug 10590] in opac-topissues limit param is not protected

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Jul 15 16:09:10 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590

--- Comment #4 from Robin Sheat <robin at catalyst.net.nz> ---
Created attachment 19660
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19660&action=edit
Bug 10590 - parameterise the limit option

The limit option was previously substituted directly into the query. The
previous patch on bug 10590 filters it on input, but there's no reason
not to have it made to work properly in the query for added safety.

--- Comment #5 from Fridolyn SOMERS <fridolyn.somers at biblibre.com> ---
(In reply to Robin Sheat from comment #2)
I did not take the time to hack the system with that but nevertheless it is
dangerous to keep it as it is.

> I don't think your patch goes far enough though: the $limit should be replaced by a '?' as well as being filtered
You mean ending the query with "limit ?" and using execute($limit)?
I thought it would not work because limit will be a string: "limit '10'".

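The two layers discussed in this thread (filter the value on input, then pass it as a placeholder) can be combined as in the following added example, which is not the attached Koha patch. It assumes DBD::SQLite is installed; the `sample_issues` table, the `safe_limit` helper and its bounds are hypothetical. Binding with an explicit `SQL_INTEGER` type is the usual way to keep a driver from quoting the value as a string.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Hypothetical helper: accept only a plain decimal integer within bounds,
# otherwise fall back to a default. Returns a number, not the raw string.
sub safe_limit {
    my ( $raw, $default, $max ) = @_;
    return $default unless defined $raw && $raw =~ /\A[0-9]{1,4}\z/;
    my $n = $raw + 0;
    return $default if $n < 1;
    return $n > $max ? $max : $n;
}

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do('CREATE TABLE sample_issues (title TEXT, tot INTEGER)');
my $ins = $dbh->prepare('INSERT INTO sample_issues (title, tot) VALUES (?, ?)');
$ins->execute( "Title $_", 100 - $_ ) for 1 .. 20;

# Constructed inputs as they might arrive from a CGI "limit" parameter.
for my $raw ( '5', '10abc', '-1', undef, '99999' ) {
    my $limit = safe_limit( $raw, 10, 15 );
    my $sth   = $dbh->prepare(
        'SELECT title, tot FROM sample_issues ORDER BY tot DESC LIMIT ?');

    # Bind explicitly as an integer so the driver does not send LIMIT '10'.
    $sth->bind_param( 1, $limit, SQL_INTEGER );
    $sth->execute;
    my $rows = $sth->fetchall_arrayref;

    printf "%-10s -> limit %2d, %2d rows\n",
        defined $raw ? "'$raw'" : 'undef', $limit, scalar @$rows;
}

$dbh->disconnect;
```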