https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22223
David Cook <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #133589|0                           |1
        is obsolete|                            |
 Attachment #133590|0                           |1
        is obsolete|                            |

--- Comment #46 from David Cook <[email protected]> ---
Created attachment 170485
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170485&action=edit
Bug 22223: Add filter to make item URLs safe in template output

This change adds a "safe_url" filter which takes a text input
and returns a Perl URL object which stringifies to a safe URL.

This change is only needed in the OPAC as the staff interface
handles the item URL display using Javascript not Template Toolkit.

0. Apply patch and koha-plack --restart kohadev
1. Create an item for a record using the following URL
https://koha-community.org?url=https%3A%2F%2Fkoha-community.org
2. Go to the OPAC for that record and verify that the URL is not
double-escaped
3. Create a malicious payload (talk to QA/security team for this if necessary)
4. Note that the malicious payload is escaped
5. prove t/Koha/Plugins/SafeURL.t
6. Celebrate!
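
An added example, not Koha's code: a sketch of the idea in the commit message above, assuming the URL object comes from the CPAN URI module (safe_url_sketch and naive_encode are hypothetical names). It compares an encoder that re-escapes "%" with a URI object, using the test-plan URL and constructed URLs containing characters that matter inside an HTML attribute.

```perl
use strict;
use warnings;
use URI;
use Test::More tests => 5;

# Hypothetical stand-in for the filter (assumption, not Koha's implementation):
# parse the text into a URI object. The URI constructor percent-escapes
# characters outside the URI character set and leaves existing %XX alone.
sub safe_url_sketch {
    my ($text) = @_;
    return URI->new( $text // '' );
}

# Constructed contrast case: an encoder that treats "%" as unsafe, so it
# re-encodes escapes that are already present in the stored URL.
sub naive_encode {
    my ($text) = @_;
    $text =~ s/([^A-Za-z0-9\-._~:\/?#\[\]\@!\$&'()*+,;=])/sprintf '%%%02X', ord $1/ge;
    return $text;
}

# URL from step 1 of the test plan.
my $stored = 'https://koha-community.org?url=https%3A%2F%2Fkoha-community.org';

is( naive_encode($stored),
    'https://koha-community.org?url=https%253A%252F%252Fkoha-community.org',
    're-encoding "%" double-escapes the stored URL' );
is( safe_url_sketch($stored)->as_string, $stored,
    'URI object keeps existing escapes intact' );

# Constructed input with characters that would end a double-quoted attribute
# or open a tag if written into the page unescaped.
my $safe = safe_url_sketch('https://example.org/a"b<c>d e');
is( "$safe", 'https://example.org/a%22b%3Cc%3Ed%20e',
    'double quote, angle brackets and space are percent-escaped' );
unlike( "$safe", qr/["<>\s]/, 'none of those characters survive' );

# Single quotes are inside the URI character set and pass through unchanged.
is( safe_url_sketch(q{https://example.org/?q='x'})->as_string,
    q{https://example.org/?q='x'},
    'single quote is not escaped by URI' );
```

Because single quotes pass through the URI constructor unchanged, this approach only protects an href whose value is wrapped in double quotes in the template.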
