http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5131
Frère Sébastien Marie <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Frère Sébastien Marie <[email protected]> 2011-07-26 09:06:35 UTC ---
As this kind of code permits a user to control some System Preferences normally set by the admin, it should be corrected.

One example: activation of Amazon images (on 3.4.2, using "sort_by=OPACAmazonEnabled&sort_by=OPACAmazonCoverImages")

If it doesn't permit injection of code (it only adds a template parameter of the chosen name and with value = "1"), it could permit control of the workflow for inclusion of unwanted parts of code.

So it is a possible vector for potential issues.

_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
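The name collision described in comment #2, next to an allowlisted form, as an added example that is not Koha source code and not part of the original message. Template parameters are modelled as a plain hash; the function names, the `sort_` prefix and the list of allowed sort keys are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not Koha source: template parameters modelled as a hash.
use strict;
use warnings;

# Hypothetical allowlist; the real set of sort keys belongs to the application.
my %ALLOWED_SORT = map { $_ => 1 } qw(relevance title_az title_za author_az);

# Pattern described in the comment: each request value becomes a parameter
# name with value 1, in the same namespace as the system preferences.
sub set_sort_flags_unsafe {
    my ($params, @sort_by) = @_;
    $params->{$_} = 1 for @sort_by;
    return $params;
}

# Hardened form: only known sort keys pass, and they are stored under their
# own prefix so they cannot collide with a system preference name.
sub set_sort_flags_safe {
    my ($params, @sort_by) = @_;
    my @rejected;
    for my $key (@sort_by) {
        if ($ALLOWED_SORT{$key}) {
            $params->{"sort_$key"} = 1;
        }
        else {
            push @rejected, $key;
        }
    }
    return @rejected;
}

# Constructed input: preferences as an admin left them (both disabled), plus
# the two sort_by values quoted in the comment and one legitimate sort key.
my %prefs   = (OPACAmazonEnabled => 0, OPACAmazonCoverImages => 0);
my @request = qw(OPACAmazonEnabled OPACAmazonCoverImages title_az);

my $unsafe   = set_sort_flags_unsafe(+{ %prefs }, @request);
my %safe     = %prefs;
my @rejected = set_sort_flags_safe(\%safe, @request);

printf "unsafe: OPACAmazonEnabled=%d OPACAmazonCoverImages=%d\n",
    @{$unsafe}{qw(OPACAmazonEnabled OPACAmazonCoverImages)};
printf "safe:   OPACAmazonEnabled=%d OPACAmazonCoverImages=%d sort_title_az=%d\n",
    @safe{qw(OPACAmazonEnabled OPACAmazonCoverImages sort_title_az)};
print "rejected (worth logging): @rejected\n";
```

Rejected values are returned rather than silently dropped so that a caller can log requests whose sort_by values match preference names.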
