[Koha-bugs] [Bug 10590] in opac-topissues limit param is not protected
bugzilla-daemon at bugs.koha-community.org
Mon Jul 15 16:55:51 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
What                          |Removed |Added
----------------------------------------------------------------------------
Attachment #19668 is obsolete |0       |1
Attachment #19669 is obsolete |0       |1
--- Comment #19 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 19670
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19670&action=edit
[PASSED QA] Bug 10590 - in opac-topissues limit param is not protected
In opac-topissues page, the limit URL argument is directly added to SQL query.
This patch adds protections: limit must only contain digits and must be lower
than 100.
Test plan:
- Edit URL to:
/cgi-bin/koha/opac-topissues.pl?limit=10&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time
- Edit URL to:
/cgi-bin/koha/opac-topissues.pl?limit=&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time
- Edit URL to:
/cgi-bin/koha/opac-topissues.pl?limit=9999&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 100 most checked-out of all time
- Edit URL to:
/cgi-bin/koha/opac-topissues.pl?limit=WHERE&branch=&itemtype=&timeLimit=999&do_it=1
=> You get the results of 10 most checked-out of all time
Signed-off-by: Robin Sheat <robin at catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de>
--
You are receiving this mail because:
You are watching all bug changes.
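
An added example, not the Koha patch and not code from this bug report: one way to write the check the commit message describes, in Perl, so that only an integer ever reaches the LIMIT clause. The helper name sanitize_limit, the two constants (default 10 and ceiling 100, read off the test plan) and the fallback for 0 are assumptions; the first four inputs are the test-plan values and the rest are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed values, read off the test plan: default 10, ceiling 100.
use constant { DEFAULT_LIMIT => 10, MAX_LIMIT => 100 };

# sanitize_limit() is a hypothetical helper, not a Koha function.
# It returns an integer in 1..MAX_LIMIT whatever the client sent.
sub sanitize_limit {
    my ($raw) = @_;
    return DEFAULT_LIMIT unless defined $raw;

    # [0-9] with \A...\z on purpose: \d also matches non-ASCII digits,
    # and ^...$ would accept a trailing newline such as "10\n".
    return DEFAULT_LIMIT unless $raw =~ /\A[0-9]+\z/;

    # Drop leading zeros, then clamp by length before converting, so an
    # arbitrarily long run of digits is never turned into a number.
    (my $digits = $raw) =~ s/\A0+(?=[0-9])//;
    return MAX_LIMIT if length($digits) > 3;

    my $n = 0 + $digits;
    return DEFAULT_LIMIT if $n < 1;    # assumption: 0 falls back to the default
    return $n > MAX_LIMIT ? MAX_LIMIT : $n;
}

# First four cases are the test-plan inputs; the others are constructed.
my @cases = (
    [ 'limit=10',            '10' ],
    [ 'limit= (empty)',      '' ],
    [ 'limit=9999',          '9999' ],
    [ 'limit=WHERE',         'WHERE' ],
    [ 'parameter absent',    undef ],
    [ 'trailing newline',    "10\n" ],
    [ 'Arabic-Indic digits', "\x{0661}\x{0660}" ],
    [ 'leading zeros',       '0010' ],
);

for my $case (@cases) {
    my ($label, $raw) = @$case;
    # %d forces an integer into the clause even if the helper is changed later.
    printf "%-20s => LIMIT %d\n", $label, sanitize_limit($raw);
}
```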