[Koha-bugs] [Bug 15050] Nonpublic note searchable from OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sat Nov 14 16:26:07 CET 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15050
--- Comment #7 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Mirko Tietgen from comment #0)
> Don't know if this qualifies as a security risk.
No, I would not call it like that :)
Please have a look at bug 12872. It is broader but covers this bug too.
The problem is that DOM indexes all under the Any keyword via the following
lines:
<xslo:template mode="index_all" match="text()">
<z:index name="Any:w Any:p">
<xslo:value-of select="."/>
</z:index>
</xslo:template>
Look at the first obsolete patch too.
As discussed before on some older reports too, it would be nice to have an
optional Anywhere (just like Any now), and a more restricted Any (only include
the defined indexes as we were used too under GRS1). If you would not like
Anywhere for various reasons (index size or hidden fields etc.), disable it
some way.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list