https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17045
Chris Cormack <[email protected]> changed:

```
What       |Removed |Added
----------------------------------------------------------------------------
CC|        |[email protected]
```

--- Comment #1 from Chris Cormack <[email protected]> ---

I think doing something with mana that biblibre is working on is a much better idea. Running stuff directly from a wiki that anyone can edit is a hugely insecure idea.

```sql
SELECT biblionumber, CONCAT('<script>alert\(\"',title,'\"\)</script>') AS Title FROM biblio ORDER BY biblionumber
```

Is a safe but annoying one; it could easily be changed to run some much more dangerous js, or dump the person's sessionid etc.

I would hope people are reading the sql they are cutting and pasting.
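The concern above is that a report pasted from a public wiki can carry markup inside its string literals, and that the report output is then rendered as HTML. The following added example (not Koha code, not from the commenter) shows two defensive checks: a small pre-save linter that flags non-SELECT statements and HTML markup inside SQL string literals, and an output escaper that makes the quoted payload inert. The sample report is the one quoted in the comment; the function and variable names are my own.

```python
import html
import re

# Constructed sample: the report quoted in the bug comment. It smuggles a
# <script> tag into the result column through string literals in CONCAT().
SUSPICIOUS_REPORT = r"""SELECT biblionumber, CONCAT('<script>alert\(\"',title,'\"\)</script>') AS Title FROM biblio ORDER BY biblionumber"""
BENIGN_REPORT = "SELECT biblionumber, title FROM biblio ORDER BY biblionumber"

# A single-quoted SQL string literal, allowing backslash escapes inside it.
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'")
# Anything that looks like the start of an HTML tag, opening or closing.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z]")


def report_findings(sql):
    """Return reasons a pasted report should be reviewed before it is saved.

    An empty list means none of the checks below fired; it is not a proof
    that the report is harmless, only that it carries no obvious markup.
    """
    findings = []
    stripped = sql.strip().rstrip(";")
    if not re.match(r"(?is)^\s*(select|with)\b", stripped):
        findings.append("not a SELECT statement")
    if ";" in stripped:
        findings.append("more than one statement")
    for literal in STRING_LITERAL.findall(stripped):
        if MARKUP.search(literal):
            findings.append("HTML markup inside string literal: " + literal)
    return findings


def escape_row(row):
    """HTML-escape every cell so report output renders as text, not markup."""
    return [html.escape(str(cell), quote=True) for cell in row]


if __name__ == "__main__":
    for name, sql in (("suspicious", SUSPICIOUS_REPORT), ("benign", BENIGN_REPORT)):
        print(name, report_findings(sql) or "no findings")
    # What a rendered cell would look like after escaping the injected value.
    print(escape_row([1, '<script>alert("x")</script>']))
```

Escaping at render time is the control that actually stops the injection; the linter only gives a reviewer a reason to look twice before saving a report copied from the wiki.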
