http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8171
Chris Cormack changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Improper escaping of quotes |Improper escaping of quotes
                   |during z39.50 queries leads |during z39.50 queries leads
                   |to potential malicious code |to broken html
                   |execution                   |

--- Comment #3 from Chris Cormack ---
(In reply to comment #2)
> You may be correct that I have not identified the source of the bug. You
> are incorrect when you say that the problem is that the quotation marks are
> not escaped during the actual search. The problem is that the quotation
> marks are not escaped when one chooses edit-> replace record via z39.50. If
> the title contains double quotes, everything from the first set of quotes
> back disappears, and is not transferred into the search window. The quoted
> text never makes it into the actual search.

I was just guessing where the problem was, since I haven't tried to replicate.
But I can guarantee that changing the column name in the SQL will have utterly
no effect on the value that is stored in that column.

>
> It is easy to replicate this bug. Pick any title in your collection and
> edit marc field $245a by appending "test quotes" at the end of the title.
> Then click on z39.50 search. The words "test quote" do not appear in the
> pop-up search window. Therefore, whatever module controls this behavior is
> not properly escaping the quotes. If you would kindly identify this module
> I would be greatly appreciative. Thanks for your quick response and all
> your help in this matter.
>

I would look into the Perl code that is outputting it and/or the template.
It is not being stored in the database incorrectly, the placeholders are
escaping all bad characters.
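The distinction drawn in comment #3, as an added example that is not from the bug report or from Koha's code base: a bound placeholder stores a title containing double quotes unchanged, while writing that title unescaped into an HTML attribute cuts it off at the first quote. It is written in Python rather than Koha's Perl; the table name, form field and sample title are constructed, and the attribute-context cause is an assumption, since the thread does not identify the faulty code or template.

```python
import html
import sqlite3
from html.parser import HTMLParser

# Constructed sample: a 245$a title with "test quotes" appended, as in comment #2.
TITLE = 'A history of cataloguing "test quotes"'


class ValueReader(HTMLParser):
    """Collects the value attribute of the first <input> tag it sees."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")


def stored_title(title):
    """Round-trip the title through a parameterised INSERT and a SELECT."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE biblio (title TEXT)")  # hypothetical table
    db.execute("INSERT INTO biblio (title) VALUES (?)", (title,))
    return db.execute("SELECT title FROM biblio").fetchone()[0]


def rendered_value(title, escape):
    """Write the title into a form field, then parse the markup back."""
    shown = html.escape(title, quote=True) if escape else title
    markup = '<input type="text" name="title" value="%s">' % shown
    reader = ValueReader()
    reader.feed(markup)
    return reader.value


if __name__ == "__main__":
    print("stored   :", repr(stored_title(TITLE)))
    print("unescaped:", repr(rendered_value(TITLE, escape=False)))
    print("escaped  :", repr(rendered_value(TITLE, escape=True)))
```

The storage layer and the output layer need different handling: the placeholder protects the SQL statement, and only escaping at the point of HTML output keeps the quoted words in the rendered field.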
