[Koha-bugs] [Bug 25373] New: Bug 23290 Security fix break all XSLT entities
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue May 5 10:32:06 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25373
Bug ID: 25373
Summary: Bug 23290 Security fix break all XSLT entities
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs at lists.koha-community.org
Reporter: didier.gautheron at biblibre.com
QA Contact: testopia at bugs.koha-community.org
By default display XSL have :
<!DOCTYPE stylesheet [<!ENTITY nbsp " " >]>
Since Bug 23290 are replaced with nothing, mangling xsl style sheet
output.
Worse if nbsp is inside a xslt:text tag some (all?) xml parsers return an error
with an empty output.
Error:
xsltParseTemplateContent: xslt:text content problem
compilation error: file /home/koha/webdatas/public/XSLT/OPACResults.xsl element
text
xsltParseTemplateContent: xslt:text content problem
at /home/koha/src/Koha/XSLT_Handler.pm line 343.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list