https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29678
--- Comment #30 from David Cook <[email protected]> ---

Could people share their workflows for this? Are you uploading your own XSLTs to the same domain as Koha? To other domains you control? Are you referencing someone else's XSLTs?

--

If we look at the "Using XML::LibXSLT::Security" section, we could modify our "read_net" callback to allow for reads if certain URL conditions are met.

For instance, the URL's hostname/domain matches one we expect (probably in koha-conf.xml for security reasons - a global system preference could be manipulated by the same person updating the XSLT system preference which defeats the point of having the security at all).

We could also check for file extension, which typically isn't a super robust check, but would help prevent network requests for other things.
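
One way to write the `read_net` check described in the comment above, as an added example that is not part of the original comment or Koha's own code. The hostname `xslt.library.example`, the helper name `xslt_url_allowed`, and the restriction to http/https schemes are assumptions; in Koha the allowlist would be loaded from koha-conf.xml rather than hard-coded.

```perl
use strict;
use warnings;
use URI;
use XML::LibXSLT;

# Assumption: constructed allowlist; in Koha this would come from koha-conf.xml,
# not from a system preference that a staff user can edit.
my @ALLOWED_HOSTS = ('xslt.library.example');

# Hypothetical helper: return 1 if a network read of $url is allowed, 0 otherwise.
sub xslt_url_allowed {
    my ( $url, $allowed_hosts ) = @_;
    return 0 unless defined $url && length $url;

    my $uri    = URI->new($url)->canonical;
    my $scheme = $uri->scheme // '';
    return 0 unless $scheme eq 'http' || $scheme eq 'https';

    # Exact hostname match only. Substring or suffix matching would also
    # accept names such as "xslt.library.example.other.example".
    my $host = lc( $uri->host // '' );
    return 0 unless grep { $host eq lc $_ } @$allowed_hosts;

    # Test the extension on the path alone, so a query string like
    # "?name=x.xsl" cannot satisfy the check.
    return 0 unless $uri->path =~ /\.xslt?\z/i;

    return 1;
}

# Register the check as the read_net callback (1 = allow, 0 = deny).
my $security = XML::LibXSLT::Security->new();
$security->register_callback(
    read_net => sub {
        my ( $tctxt, $value ) = @_;
        return xslt_url_allowed( $value, \@ALLOWED_HOSTS );
    }
);

my $xslt = XML::LibXSLT->new();
$xslt->security_callbacks($security);

# Constructed sample URLs showing which reads the callback would permit.
for my $url (
    'https://xslt.library.example/opac/results.xsl',
    'https://xslt.library.example.other.example/results.xsl',
    'https://xslt.library.example/status?name=x.xsl',
    'https://user@other.example/results.xsl',
) {
    printf "%-5s %s\n", ( xslt_url_allowed( $url, \@ALLOWED_HOSTS ) ? 'allow' : 'deny' ), $url;
}
```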
