http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14764
Martin Persson <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #42129|0                           |1
        is obsolete|                            |

--- Comment #7 from Martin Persson <[email protected]> ---
Created attachment 42146
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42146&action=edit
Bug 14764: OPAC news selector - URL parameter

This patch adds a URL-based override for the homebranch
variable in opac-main.pl. Allows viewing of arbitrary branches.

Possible security issue: The user changes branch parameter
to perform SQL or XSS injection. This would not be possible
via the database, as the foreign key constraint would block
arbitrary code. However, the News retrieval function is using
prepared statements which are immune to this.

Changes: Parameter 'branch' renamed 'branchcode'

Sponsored-By: Halland County Library
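
Added example, not part of the patch or of Koha's code: a Python/sqlite3 sketch (Koha itself is Perl) of the controls the comment above touches on, using a simplified, hypothetical schema and hypothetical function names. It shows the foreign key rejecting an unknown branch code on write, a placeholder binding the `branchcode` URL value as data on read, and HTML escaping at output, which is a separate step from statement binding.

```python
import html
import sqlite3

def make_db():
    """Constructed sample data: two branches, one news item each."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE branches (branchcode TEXT PRIMARY KEY);
        CREATE TABLE opac_news (
            id INTEGER PRIMARY KEY,
            branchcode TEXT REFERENCES branches(branchcode),
            title TEXT NOT NULL);
        INSERT INTO branches VALUES ('CPL'), ('MPL');
        INSERT INTO opac_news (branchcode, title) VALUES
            ('CPL', 'CPL closed Monday'), ('MPL', 'MPL book sale');
    """)
    return db

def fk_rejects(db, branchcode):
    """Write path: the foreign key refuses a branch code that does not exist."""
    try:
        db.execute("INSERT INTO opac_news (branchcode, title) VALUES (?, 'x')",
                   (branchcode,))
        return False
    except sqlite3.IntegrityError:
        return True
    finally:
        db.rollback()  # leave the sample data unchanged either way

def resolve_branch(db, param, default):
    """Read path: accept the URL value only if it names an existing branch."""
    row = db.execute("SELECT branchcode FROM branches WHERE branchcode = ?",
                     (param,)).fetchone()
    return row[0] if row else default

def get_news(db, branchcode):
    """The placeholder binds the value as data; it is never parsed as SQL."""
    rows = db.execute("SELECT title FROM opac_news WHERE branchcode = ? "
                      "ORDER BY id", (branchcode,))
    return [r[0] for r in rows]

def render_heading(branchcode):
    """Output path: escape before echoing the value into HTML."""
    return "<h3>News for %s</h3>" % html.escape(branchcode)

if __name__ == "__main__":
    db = make_db()
    print(get_news(db, resolve_branch(db, "MPL", "CPL")))
    print(render_heading("<b>MPL</b>"))
```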
