http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015
--- Comment #130 from Jared Camins-Esakov <[email protected]> ---
(In reply to Paul Poulain from comment #129)
> I hadn't checked what the eval was related to, I assumed it was safe.
> I agree with your point: failed QA, this could probably be exploited.
>
> Jared, would you be pleased if the parameters were sanitized, even if the
> eval is still here?

I see no way to sanitize the input while using the eval. The entire point of the eval is to allow arbitrary code to be run through the regex. Maybe it would be better to have two boxes, one for the match and one for the replacement?
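
The two-box design suggested in the comment above, sketched in Perl as an added example: it is not Koha's code or the patch under review, and the helper name `apply_substitution` and the sample values are hypothetical. It assumes the replacement box is treated as literal text, with no capture-group support.

```perl
use strict;
use warnings;

# Hypothetical helper, not Koha code: apply a "match" box and a "replacement"
# box to one field value without string-eval'ing anything the user typed.
sub apply_substitution {
    my ( $value, $match, $replacement ) = @_;
    return ( undef, "empty match pattern" ) unless length $match;

    # Block eval only traps the compile error; it does not run user text as Perl.
    # Without "use re 'eval'" in scope, Perl refuses to compile (?{ ... }) and
    # (??{ ... }) code blocks that arrive through an interpolated variable.
    my $re = eval { qr/$match/ };
    return ( undef, "invalid match pattern" ) unless defined $re;

    # $replacement is interpolated once as a plain string: any "$1", "@{[ ... ]}"
    # or backticks inside it are inserted literally, never evaluated.
    ( my $result = $value ) =~ s/$re/$replacement/g;
    return ( $result, undef );
}

# Constructed sample inputs: value, match box, replacement box.
my @cases = (
    [ 'Smith, John', ',\s*',              ' / ' ],                    # ordinary edit
    [ 'Smith, John', '(?{ die "code" })', 'x' ],                      # code block in pattern
    [ 'Smith, John', 'John',              '@{[ time ]} $ENV{HOME}' ], # Perl syntax in replacement
    [ 'Smith, John', '(unclosed',         'x' ],                      # malformed pattern
);

for my $c (@cases) {
    my ( $out, $err ) = apply_substitution(@$c);
    printf "%-20s => %s\n", $c->[1], defined $out ? "'$out'" : "rejected ($err)";
}
```

A user-supplied pattern can still be slow to match (catastrophic backtracking), so this removes the code-execution path only; bounding match time is a separate control.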
