[Koha-bugs] [Bug 14764] Add OPAC News branch selector
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Sep 1 01:34:14 CEST 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14764
--- Comment #1 from Martin Persson <xarragon at gmail.com> ---
Created attachment 42129
-->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42129&action=edit
Bug 14764: OPAC news selector - URL parameter
This patch adds an URL-based override for the homebranch
variable in opac-main.pl. Allows viewing of arbitrary branches.
Possible security issue: The user changes branch parameter to
perform SQL or XSS injection. This would not be possible via
the database, as the foreign key constraint would block arbitrary
code. However, the News retrieval function is using prepared
statements which are immune to this.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list