[Koha-patches] [PATCH] Bug 3652: close XSS vulnerabilities on biblionumber and authid

Jared Camins-Esakov jcamins at cpbibliography.com
Mon Oct 15 17:55:17 CEST 2012


Previously we did not sanitize biblionumber and authids passed in by
the user.

To test:
1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a
   valid biblionumber for the 2).
2) Notice the presence of "2hi" on this page, and also on the ISBD and
   MARC views.
3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye
   (substituting a valid authid for the 2).
4) Notice the presence of "2bye" on this page.
5) Apply patch.
6) Notice that "2hi" and "2bye" strings are gone.
---
 opac/opac-ISBDdetail.pl        |    3 ++-
 opac/opac-MARCdetail.pl        |    3 ++-
 opac/opac-authoritiesdetail.pl |    1 +
 opac/opac-detail.pl            |    1 +
 opac/opac-showmarc.pl          |    1 +
 5 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/opac/opac-ISBDdetail.pl b/opac/opac-ISBDdetail.pl
index 773ed51..8c29936 100755
--- a/opac/opac-ISBDdetail.pl
+++ b/opac/opac-ISBDdetail.pl
@@ -66,7 +66,8 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
     }
 );
 
-my $biblionumber = $query->param('biblionumber');
+my $biblionumber = $query->param('biblionumber') || $query->param('bib');
+$biblionumber = int($biblionumber);
 
 # get biblionumbers stored in the cart
 my @cart_list;
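Review bot: `int($biblionumber)` on the second added line does not reject a malformed id, it coerces it: `2hi` becomes 2 and is served as that record, a purely alphabetic value becomes 0, and a missing parameter also becomes 0, each emitting an "isn't numeric" or "uninitialized" warning in the OPAC log if the script runs under `use warnings`. An anchored pattern fails closed instead, e.g. `$biblionumber = ( defined $biblionumber && $biblionumber =~ /\A(\d+)\z/ ) ? $1 : undef;`, so an invalid id takes the record-not-found path rather than silently resolving to a different record (that path is not visible in this hunk — confirm the script has one). The same `int()` coercion is added in opac-authoritiesdetail.pl, opac-detail.pl and opac-showmarc.pl, and the same replacement applies there. Separately, `||` on the first added line treats a literal `biblionumber=0` as absent and falls through to `bib`; `//` preserves it if that distinction matters.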
diff --git a/opac/opac-MARCdetail.pl b/opac/opac-MARCdetail.pl
index 2d9dc25..f39f2d2 100755
--- a/opac/opac-MARCdetail.pl
+++ b/opac/opac-MARCdetail.pl
@@ -57,10 +57,11 @@ my $query = new CGI;
 
 my $dbh = C4::Context->dbh;
 
-my $biblionumber = $query->param('biblionumber');
+my $biblionumber = $query->param('biblionumber') || $query->param('bib');
 my $itemtype     = &GetFrameworkCode($biblionumber);
 my $tagslib      = &GetMarcStructure( 0, $itemtype );
 my $biblio = GetBiblioData($biblionumber);
+$biblionumber = $biblio->{biblionumber};
 my $record = GetMarcBiblio($biblionumber, 1);
 if ( ! $record ) {
     print $query->redirect("/cgi-bin/koha/errors/404.pl");
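Review bot: The sanitization here is weaker than in the other four files: the raw `biblionumber`/`bib` value from the first added line is still handed to `GetFrameworkCode` and `GetBiblioData` on the next two lines before it is replaced by `$biblio->{biblionumber}`, so whether an unvalidated string reaches the database depends on how those helpers quote their argument, which is not visible here. Moving the check directly after the param line, `$biblionumber = ( defined $biblionumber && $biblionumber =~ /\A(\d+)\z/ ) ? $1 : undef;`, keeps the script consistent with the other hunks and lets the existing `! $record` redirect handle bad input. The reassignment from `$biblio` can stay, but when `GetBiblioData` returns undef that rvalue dereference autovivifies `$biblio` into an empty hash and `$biblionumber` becomes undef rather than dying, which is worth a one-line comment so the next reader does not take it for a crash path.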
diff --git a/opac/opac-authoritiesdetail.pl b/opac/opac-authoritiesdetail.pl
index ffe9734..195e244 100755
--- a/opac/opac-authoritiesdetail.pl
+++ b/opac/opac-authoritiesdetail.pl
@@ -67,6 +67,7 @@ my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
 );
 
 my $authid = $query->param('authid');
+$authid = int($authid);
 my $record = GetAuthority( $authid );
 if ( ! $record ) {
     print $query->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
diff --git a/opac/opac-detail.pl b/opac/opac-detail.pl
index cdb4a5a..d9ecdfa 100755
--- a/opac/opac-detail.pl
+++ b/opac/opac-detail.pl
@@ -69,6 +69,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 );
 
 my $biblionumber = $query->param('biblionumber') || $query->param('bib');
+$biblionumber = int($biblionumber);
 
 my $record       = GetMarcBiblio($biblionumber);
 if ( ! $record ) {
diff --git a/opac/opac-showmarc.pl b/opac/opac-showmarc.pl
index 3638f88..f06d3cd 100755
--- a/opac/opac-showmarc.pl
+++ b/opac/opac-showmarc.pl
@@ -44,6 +44,7 @@ use XML::LibXML;
 
 my $input       = new CGI;
 my $biblionumber = $input->param('id');
+$biblionumber   = int($biblionumber);
 my $importid	= $input->param('importid');
 my $view		= $input->param('viewas') || 'marc';
 
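Review bot: `importid` on the line after the added check is still read raw while the neighbouring `id` is now coerced; if it is, as the name suggests, a numeric import-batch identifier that also ends up in the rendered page or a lookup, it needs the same treatment. Because it may legitimately be absent, guard for undef instead of calling `int()` on it, e.g. `$importid = ( defined $importid && $importid =~ /\A(\d+)\z/ ) ? $1 : undef;`. `$view` falls back to `'marc'` but is otherwise unchecked too; if it selects a stylesheet or template by name, comparing it against the small set of accepted values would be the matching fix.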
-- 
1.7.9.5


