http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14764
--- Comment #1 from Martin Persson <[email protected]> ---
Created attachment 42129
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42129&action=edit
Bug 14764: OPAC news selector - URL parameter

This patch adds a URL-based override for the homebranch variable in
opac-main.pl. Allows viewing of arbitrary branches.

Possible security issue: The user changes branch parameter to perform
SQL or XSS injection. This would not be possible via the database, as
the foreign key constraint would block arbitrary code. However, the
News retrieval function is using prepared statements which are immune
to this.
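
An added example, not part of the attached patch or of Koha's code: one way a Perl script could handle a URL-supplied branch value so that it is checked against the known branches, bound as a SQL placeholder, and HTML-encoded wherever it is echoed. The in-memory tables, the helper names (`resolve_branch`, `news_for_branch`), the 10-character code pattern and the sample request values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use HTML::Entities qw(encode_entities);

# Constructed in-memory schema standing in for the real branch and news tables.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE branches (branchcode TEXT PRIMARY KEY)');
$dbh->do('CREATE TABLE news (branchcode TEXT, title TEXT)');
$dbh->do(q{INSERT INTO branches VALUES ('CPL'), ('MPL')});
$dbh->do(q{INSERT INTO news VALUES ('CPL', 'Holiday hours'), ('MPL', 'Book sale')});

# Hypothetical helper: accept the URL value only if it names an existing branch.
# The value is bound as a placeholder, never interpolated into the SQL text.
# The character set and length limit are assumptions for this sketch.
sub resolve_branch {
    my ($dbh, $param, $default) = @_;
    return $default
        unless defined $param && $param =~ /\A[A-Za-z0-9_-]{1,10}\z/;
    my ($code) = $dbh->selectrow_array(
        'SELECT branchcode FROM branches WHERE branchcode = ?', undef, $param);
    return defined $code ? $code : $default;
}

# Hypothetical helper: fetch news titles for a branch, again with a bound parameter.
sub news_for_branch {
    my ($dbh, $branch) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT title FROM news WHERE branchcode = ? ORDER BY title',
        undef, $branch);
}

# Constructed request values: a valid code, a SQL-shaped value, a markup-shaped value.
for my $param ('MPL', q{CPL' OR '1'='1}, '<b>MPL</b>') {
    my $branch = resolve_branch($dbh, $param, 'CPL');
    my $titles = news_for_branch($dbh, $branch);
    # Anything echoed into the page is HTML-encoded, including stored titles.
    printf "param=%s branch=%s news=%s\n",
        encode_entities($param), encode_entities($branch),
        join(', ', map { encode_entities($_) } @$titles);
}
```

Only the first sample value selects a different branch; the other two fall back to the default, and the raw parameter reaches the output only in encoded form.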
