[Koha-bugs] [Bug 17989] Stricter control on source directory for html templates
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Oct 27 18:40:16 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17989
--- Comment #32 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Comment on attachment 68671
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=68671
Bug 17989: Final changes
Review of attachment 68671:
--> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=17989&attachment=68671)
-----------------------------------------------------------------
::: svc/members/search
@@ +28,5 @@
> use Koha::Patrons;
>
> my $input = new CGI;
> +my $template_path = $input->param('template_path');
> +if( !$template_path || $template_path =~ /^\/|\.\./ ) {
Why do we need to check that here? It is already checked in badtemplatecheck.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list