[Koha-bugs] [Bug 8015] Add MARC Modifications Templates
bugzilla-daemon at bugs.koha-community.org
Wed Sep 25 15:22:22 CEST 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015
--- Comment #128 from Jared Camins-Esakov <jcamins at cpbibliography.com> ---
(In reply to Paul Poulain from comment #127)
> Katrin, please reconsider your position = this improvement is very important
> for libraries, much more than a technical perlcritic violation.
> My opinion here is that we must decide that the user interest is more
> important than this single violation.
> (the law must serve us, we must not serve the law)
This is not a minor violation. As far as I can tell, there is unsanitized user
input being run directly. Consider the following code:
eval { $eval }; != eval $eval;

use feature 'say';

my $r = q|/foo/fee/; print "hi";|;
my @values = ("foo", "bar", "foobar");
for my $v ( @values ) {
    eval {"\$v =~ s$r"};
    say $v;
    eval "\$v =~ s$r";
    say $v;
}

Result: "hi" is printed by each eval. This example is fairly benign, but what
if the regex were as follows:

my $r = q|/whatever/something/; require C4::Context; $dbh = C4::Context->dbh; $dbh->do("DELETE FROM issues;")|;

I was unable to test this example, since I couldn't get MARC modification
templates to work during a cursory test, but I'm sure you see my point.
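
A hardened counterpart to the string eval discussed in the comment above, added here as an example; it is not code from the Koha patch or from any participant in this thread. The helper name safe_substitute and its separate pattern, replacement and modifier parameters are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use feature 'say';

# Hypothetical helper, not Koha code: apply a user-supplied substitution
# without ever passing user text to string eval.
sub safe_substitute {
    my ( $value, $pattern, $replacement, $modifiers ) = @_;
    $modifiers //= '';

    # Accept only modifiers that affect matching; /e and /ee are refused.
    die "unsupported modifier\n" unless $modifiers =~ /\A[gimsx]*\z/;
    my $global = index( $modifiers, 'g' ) >= 0;
    my $flags  = join '', grep { index( $modifiers, $_ ) >= 0 } qw(i m s x);
    my $inline = length $flags ? "(?$flags)" : '';

    # Compile the pattern as data. Without "use re 'eval'", Perl refuses
    # run-time patterns that contain (?{ ... }) code blocks.
    my $re = eval { qr/$inline$pattern/ };
    die "invalid pattern\n" unless defined $re;

    # The replacement is inserted as a literal string; "$1" or code in it
    # is not interpreted.
    if   ($global) { $value =~ s/$re/$replacement/g }
    else           { $value =~ s/$re/$replacement/ }
    return $value;
}

# Constructed input modelled on the snippet in the comment: the trailing
# code ends up in the replacement field and stays inert text.
my ( $pattern, $replacement ) = ( 'foo', 'fee/; print "hi";' );
for my $v ( "foo", "bar", "foobar" ) {
    say safe_substitute( $v, $pattern, $replacement, 'g' );
}

# A pattern carrying an embedded code block is rejected when it is compiled.
my $out = eval { safe_substitute( 'foo', '(?{ print "hi" })foo', 'x' ) };
print defined $out ? "ran: $out\n" : "rejected: $@";
```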