[Koha-bugs] [Bug 19121] Prevent XSS in the Staff Client and the OPAC - bis
bugzilla-daemon at bugs.koha-community.org
Tue Aug 15 21:24:31 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121
--- Comment #1 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Created attachment 66045
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66045&action=edit
Bug 19121: [PoC] Prevent XSS - Escape variables when sent to scripts
We will need to adapt Koha::CGI->param to work in list context (even
if it is considered bad), and explicitly call ->param_raw when we do
not want the escape to be done.