[Koha-bugs] [Bug 22478] Cross-site scripting vulnerability in paginations
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu May 2 15:51:59 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22478
--- Comment #50 from Nick Clemens <nick at bywatersolutions.com> ---
(In reply to Jonathan Druart from comment #45)
> (In reply to Martin Renvoize from comment #43)
> > Created attachment 89009 [details] [review] [review]
> > Bug 22478: (QA follow-up) Update tests to check for any script tags
>
> I do not think these tests are correct. We want to test that the variable
> are correctly escaped, not that a specific script (opac-shelves) will
> replace an invalid value with a correct one (everything != 1 or 2 will be 2)
Please file a follow-up if you think we need to fix this Jonathan, patches were
pushed to stable and so master followed.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list