Thanks everyone.
On 15/07/2013 17:22, Galen Charlton wrote:
Hi,
On Mon, Jul 15, 2013 at 7:20 AM, Robin Sheat wrote:
This said, there are two patches there now: Fridolyn's one that filters
on input, and my followup that parameterises the SQL to add another
layer of defence (also doing quer
Hi,
On Mon, Jul 15, 2013 at 7:20 AM, Robin Sheat wrote:
> This said, there are two patches there now: Fridolyn's one that filters
> on input, and my followup that parameterises the SQL to add another
> layer of defence (also doing queries the way they're supposed to be
> done.)
>
These two patc
On 15/07/13 12:17, Fridolyn SOMERS wrote:
> I've just opened
> http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590.
> I've set it to critical because I think it is a security problem
> existing at OPAC:
So, on analysis, it is a terribly bad code smell that needs to be fixed,
however
Hi,
I've just opened
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590.
I've set it to critical because I think it is a security problem
existing at OPAC:
In opac-topissues the parameter limit is directly added at the end of
the SQL query, without testing its value.
A user can e
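The pattern the report describes (a request parameter appended straight to the SQL text) and the two layers of the fix discussed in the thread (filtering the input, then binding it as a query parameter), as an added illustration in Python with sqlite3. This is not Koha's code (opac-topissues is Perl); the table name, columns and rows are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data standing in for an OPAC "top issues" table (not Koha's schema).
ROWS = [("Book A", 12), ("Book B", 9), ("Book C", 5), ("Book D", 1)]


def open_sample_db():
    """In-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topissues (title TEXT, issues INTEGER)")
    conn.executemany("INSERT INTO topissues VALUES (?, ?)", ROWS)
    return conn


def build_query_unsafe(limit):
    """The pattern the bug report describes: the 'limit' request parameter is
    concatenated onto the statement without any check, so whatever text the
    client sent becomes part of the SQL. Returned as a string to show that."""
    return "SELECT title FROM topissues ORDER BY issues DESC LIMIT " + str(limit)


def parse_limit(raw, default=10, maximum=100):
    """Input filtering (the first patch's layer): accept only a plain positive
    integer, fall back to a default when absent, and clamp to a sane maximum.
    Anything else is rejected instead of being passed on."""
    if raw is None or raw == "":
        return default
    if not re.fullmatch(r"[1-9][0-9]*", raw):
        raise ValueError("limit must be a positive integer")
    return min(int(raw), maximum)


def top_issues(conn, raw_limit):
    """Parameterised query (the follow-up patch's layer): the validated value
    is bound as data via a placeholder, never spliced into the statement."""
    limit = parse_limit(raw_limit)
    cur = conn.execute(
        "SELECT title FROM topissues ORDER BY issues DESC LIMIT ?", (limit,)
    )
    return [title for (title,) in cur.fetchall()]
```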