[Koha-bugs] [Bug 13618] Prevent XSS in the Staff Client and the OPAC
bugzilla-daemon at bugs.koha-community.org
Sat Aug 29 11:19:34 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
--- Comment #69 from Joonas Kylmälä <j.kylmala at gmail.com> ---
(In reply to Joonas Kylmälä from comment #68)
> (In reply to Jonathan Druart from comment #28)
> > Created attachment 41347 [details] [review]
> > Bug 13618: Remove html filters at the OPAC
> >
> > This patch removes the html filters at the OPAC, if necessary.
> >
> > Generated with:
> > perl -p -i -e 's/\ ?\|\ ?html(\ ?)%/\1%/g' **/*.tt **/*.inc
>
> @@ -85,7 +85,7 @@
> [% END %]
> ).
> [% END %]
> - <a href="[% OPACBaseURL
> %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi |html | url
> %]&count=[% countrss |html %]&sort_by=acqdate_dsc&forma~
> + <a href="[% OPACBaseURL
> %]/cgi-bin/koha/opac-search.pl?[% query_cgi | url %][% limit_cgi |html | url
> %]&count=[% countrss %]&sort_by=acqdate_dsc&format=rss2~
> [% END # / IF total %]
> </p>
> [% END # / IF searchdesc %]
>
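Review bot: On the + line, [% limit_cgi |html | url %] still carries the html filter, because the generating substitution only matches |html when it is directly followed by an optional space and %, so a chained |html | url is skipped. Either extend the expression to cover chained filters or fix these occurrences by hand, then re-check the added lines for any remaining |html. Separately, &count=[% countrss %] now lands in the href with no filter at all; unless countrss is guaranteed to be numeric, give it | url as query_cgi has rather than leaving it bare.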
> Shouldn't that one also be removed?
Also, in this patch there were two more of these, so maybe they should be removed
too if this one is. I used the regex ^\+.+\|html to find these.
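The two regexes from this thread, run over a shortened copy of the quoted template line, as an added example that is not part of the original message or of Koha's code. The file name example.tt and the shortened line are constructed, and the audit pattern is loosened to allow spaces after the pipe, which is an assumption beyond the regex quoted in the comment.

```python
import re

# The substitution from the quoted commit message, as a Python regex:
#   perl -p -i -e 's/\ ?\|\ ?html(\ ?)%/\1%/g'
STRIP_HTML = re.compile(r" ?\| ?html( ?)%")

# Audit pattern from the comment (^\+.+\|html), loosened here to allow
# spaces after the pipe (an assumption, so "| html" is caught as well).
LEFTOVER = re.compile(r"^\+.+\|\s*html\b")


def strip_html_filter(line):
    """Apply the generating substitution to one template line."""
    return STRIP_HTML.sub(r"\1%", line)


def leftover_html_filters(patch_text):
    """Return (line_number, line) for added lines that still use |html."""
    hits = []
    for n, line in enumerate(patch_text.splitlines(), 1):
        if line.startswith("+++"):  # file header, not an added line
            continue
        if LEFTOVER.search(line):
            hits.append((n, line))
    return hits


# Constructed sample: the directives of the quoted hunk, unwrapped and shortened.
BEFORE = ('<a href="?[% query_cgi | url %][% limit_cgi |html | url %]'
          '&count=[% countrss |html %]">')

# Constructed patch: the '+' line is what the substitution produces.
PATCH = "\n".join([
    "--- a/example.tt",
    "+++ b/example.tt",
    "@@ -1 +1 @@",
    "-" + BEFORE,
    "+" + strip_html_filter(BEFORE),
])

if __name__ == "__main__":
    # The chained "|html | url" survives the substitution and is reported.
    for n, line in leftover_html_filters(PATCH):
        print(f"patch line {n}: {line}")
```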