[Koha-bugs] [Bug 8015] Add MARC Modifications Templates

bugzilla-daemon at bugs.koha-community.org
Wed Sep 25 15:54:53 CEST 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015

--- Comment #130 from Jared Camins-Esakov <jcamins at cpbibliography.com> ---
(In reply to Paul Poulain from comment #129)
> I hadn't checked what the eval was related to, I assumed it was safe.
> I agree with your point: failed QA, this could probably be exploited.
> 
> Jared, would you be pleased if the parameters were sanitized, even if the
> eval is still here?

I see no way to sanitize the input while using the eval. The entire point of
the eval is to allow arbitrary code to be run through the regex. Maybe it would
be better to have two boxes, one for the match and one for the replacement?

-- 
You are receiving this mail because:
You are watching all bug changes.
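
The two-box approach suggested in the comment above, sketched in Perl as an added example; it is not code from the Koha patch or from anyone in the thread, and `apply_field_regex` and its arguments are hypothetical names.

```perl
use strict;
use warnings;

# Hypothetical helper, not Koha's API: the match and the replacement arrive as
# two separate strings and neither is ever passed to a string eval.
sub apply_field_regex {
    my ( $value, $search, $replace, $modifiers ) = @_;
    $replace   //= '';
    $modifiers //= '';

    # Allow-list the modifiers; anything else (notably "e") is refused.
    die "unsupported modifier\n" unless $modifiers =~ /\A[gi]*\z/;

    # Block eval only traps a compile failure. Without "use re 'eval'" Perl
    # refuses (?{ ... }) code blocks in a pattern interpolated at run time.
    my $re = eval { $modifiers =~ /i/ ? qr/$search/i : qr/$search/ };
    die "invalid pattern\n" unless defined $re;

    # Expand $1..$9 by hand; every other character of the replacement is
    # literal text.
    my $expand = sub {
        my @caps = @_;
        ( my $out = $replace ) =~ s{\$([1-9])}{ $caps[ $1 - 1 ] // '' }ge;
        return $out;
    };

    # The /e here evaluates only the fixed expression written in this file.
    if ( $modifiers =~ /g/ ) {
        $value =~ s/$re/ $expand->( $1, $2, $3, $4, $5, $6, $7, $8, $9 ) /ge;
    }
    else {
        $value =~ s/$re/ $expand->( $1, $2, $3, $4, $5, $6, $7, $8, $9 ) /e;
    }
    return $value;
}

# Constructed sample values.
print apply_field_regex( 'Smith, John', '(\w+), (\w+)', '$2 $1' ), "\n";
# Perl syntax in the replacement box is inserted as text, not run.
print apply_field_regex( 'a-b-c', '-', '@{[ die "x" ]}', 'g' ), "\n";
# A pattern carrying an embedded code block is rejected at compile time.
print "rejected: $@" unless eval { apply_field_regex( 'x', '(?{ die })', '' ); 1 };
```

User-supplied patterns can still be expensive to match, so this removes code execution from the feature but not the need to bound input size or matching time.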

