https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22836

            Bug ID: 22836
           Summary: Tests catching XSS vulnerabilities in pagination are
                    not correct
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: ASSIGNED
          Severity: normal
          Priority: P5 - low
         Component: Test Suite
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
  Target Milestone: ---

See bug 22478 comments 44 and 45.

The tests were added originally to catch XSS vulnerabilities when pagination
was used (shelves, reviews, authorities searches, etc.).

With one of the QA followups (Handle category in opac-shelves like a boolean) we
did not trust the escape, resetting "category" if not set to 1 or 2. We
should rely on the correct filtering instead.

However, if one really wants to use this change, we should adapt the tests to
catch the correct filtered values (and so not use unlike), in another area
(i.e. not shelves, where we are handling the invalid values differently).

I am suggesting reverting those patches, as it is the easiest solution.

_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

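The point of the report, illustrated as an added example (this is not Koha code and not part of the bug report): a test that only asserts the raw XSS payload is absent (unlike) passes both when the value is HTML-escaped and when the value is simply discarded, so it never proves the escaping filter ran. Asserting the escaped form (like) does. The two link builders, the html_escape helper and the payload below are constructed for this illustration; the escape stands in for a template html filter and is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More tests => 5;

# Constructed stand-in for the template's escaping filter (assumed to be a
# plain HTML escape); not Koha's own code.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Two hypothetical ways a page could build a pagination link from a query
# parameter. Both names are invented for this example.

# Trusts the filter: whatever the parameter holds is escaped into the link.
sub paginate_escaping {
    my ($category) = @_;
    return sprintf '<a href="?category=%s&page=2">Next</a>',
        html_escape($category);
}

# Does not trust the filter: anything that is not 1 or 2 is reset to 1,
# so the payload never reaches the output at all.
sub paginate_resetting {
    my ($category) = @_;
    $category = 1 unless defined $category && $category =~ /^[12]$/;
    return sprintf '<a href="?category=%s&page=2">Next</a>', $category;
}

# Constructed payload of the kind the pagination tests inject.
my $payload = q{"><script>alert(1)</script>};

# The "unlike" style of check: the raw payload must not appear verbatim.
# It passes for BOTH builders, so it cannot tell whether escaping was
# exercised or the value was thrown away.
for my $builder ( \&paginate_escaping, \&paginate_resetting ) {
    unlike $builder->($payload), qr/<script>/, 'raw payload absent';
}

# Asserting the filtered value tells the two apart: only the escaping
# builder emits the escaped payload.
like   paginate_escaping($payload),  qr/&lt;script&gt;/,
    'escaped payload present, so the filter ran';
unlike paginate_resetting($payload), qr/&lt;script&gt;/,
    'resetting builder never produces the escaped form';

# A page that resets invalid values needs its own, different assertion.
like   paginate_resetting($payload), qr/category=1&page=2/,
    'invalid category reset to the default';
```

Run it with `prove -v` on the file. The first two tests pass for both builders, which is why an unlike-only check cannot catch a regression where escaping is silently removed; the like on the escaped form is the assertion that would fail in that case, and it only makes sense on a page that relies on escaping rather than resetting the value.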