[Koha-devel] Using unsanitized data in regular expressions
David Cook
dcook at prosentient.com.au
Mon Mar 4 08:00:51 CET 2019
Hi all,

I encountered a problem recently where create-pdf.pl was stuck in an
infinite loop because a string passed into '$line =~ s/$1//;' in
C4::Patroncards::Patroncard contained "(TEST)" and it was treating the
parentheses as metacharacters and not literal values.

I fixed the problem by changing the line to '$line =~ s/\Q$1\E//;', so that
anything in $1 would be escaped, but it got me thinking about other parts of
Koha. I'm not saying that it's necessarily a problem in other parts of Koha,
but that it might be good to be mindful of it.

David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia
Office: 02 9212 0899
Direct: 02 8005 0595
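
Added example, not part of the original post and not Koha's code: a hypothetical token-stripping loop showing how interpolating captured data into `s///` can stop making progress on "(TEST)", while the `\Q...\E` form terminates. The function `strip_tokens`, the sample line and the iteration guard are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical loop (not Koha's code): take the next whitespace-delimited
# token, then delete it from the line, until the line holds no more tokens.
# $max_iter is a guard added so this demonstration always terminates.
sub strip_tokens {
    my ($line, $escape, $max_iter) = @_;
    my @tokens;
    my $iterations = 0;
    while ($line =~ /(\S+)/) {
        my $token = $1;    # copy: $1 is overwritten by the next successful match
        return { ok => 0, tokens => \@tokens, left => $line }
            if ++$iterations > $max_iter;
        push @tokens, $token;
        if ($escape) {
            # Token is matched as literal text, so it is always removed.
            $line =~ s/\Q$token\E//;
        } else {
            # Token is compiled as a regex: "(TEST)" becomes a capture group
            # that removes only "TEST", and the leftover "()" then matches
            # the empty string, so the line never changes again.
            $line =~ s/$token//;
        }
    }
    return { ok => 1, tokens => \@tokens, left => $line };
}

# Constructed sample input containing regex metacharacters.
my $sample = 'Name: (TEST) Smith';

for my $escape (0, 1) {
    my $r = strip_tokens($sample, $escape, 20);
    printf "%-11s %s after %d tokens, remaining line: '%s'\n",
        $escape ? 'quotemeta:' : 'unescaped:',
        $r->{ok} ? 'finished' : 'gave up',
        scalar @{ $r->{tokens} }, $r->{left};
}
```

A token that is not a valid pattern at all, such as a lone "(", makes the unescaped form die with a regex compilation error instead of looping, which is another reason to quote interpolated data.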