http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590
Galen Charlton <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #19659|0                           |1
        is obsolete|                            |
  Attachment #19660|0                           |1
        is obsolete|                            |
  Attachment #19661|0                           |1
        is obsolete|                            |
  Attachment #19662|0                           |1
        is obsolete|                            |
  Attachment #19663|0                           |1
        is obsolete|                            |
  Attachment #19664|0                           |1
        is obsolete|                            |

--- Comment #13 from Galen Charlton <[email protected]> ---
Created attachment 19665
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=19665&action=edit
Bug 10590 - in opac-topissues limit param is not protected

In the opac-topissues page, the limit URL argument is directly added to the SQL
query. This patch adds protections: limit must only contain digits and must be
lower than 100.

Test plan:
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=10&branch=&itemtype=&timeLimit=999&do_it=1
  => You get the results of the 10 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=&branch=&itemtype=&timeLimit=999&do_it=1
  => You get the results of the 10 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=9999&branch=&itemtype=&timeLimit=999&do_it=1
  => You get the results of the 100 most checked-out of all time
- Edit URL to: /cgi-bin/koha/opac-topissues.pl?limit=WHERE&branch=&itemtype=&timeLimit=999&do_it=1
  => You get the results of the 10 most checked-out of all time

Signed-off-by: Robin Sheat <[email protected]>
Signed-off-by: Galen Charlton <[email protected]>

_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
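The validation the commit message describes, as an added Python example that is not Koha's code (Koha itself is Perl): the untrusted limit value is checked against the rules implied by the test plan (digits only, otherwise the default of 10; never more than 100) and then bound as a query parameter. The table, column names and row data are constructed stand-ins, not Koha's schema.

```python
import re
import sqlite3

DEFAULT_LIMIT = 10   # used when the parameter is empty or not purely numeric
MAX_LIMIT = 100      # upper bound; larger requests are clamped, as in the test plan


def sanitize_limit(raw):
    """Turn an untrusted 'limit' query-string value into a safe integer.

    Only an all-digit string is accepted; anything else (empty, missing,
    'WHERE', '1;--') falls back to DEFAULT_LIMIT. The result is capped at
    MAX_LIMIT so a huge value cannot turn the page into a full-table dump.
    """
    if raw is None or re.fullmatch(r"[0-9]+", raw) is None:
        return DEFAULT_LIMIT
    return min(int(raw), MAX_LIMIT)


def build_sample_db(rows=150):
    """Constructed in-memory stand-in for checkout counts (not Koha's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE top_issues (biblionumber INTEGER, issues INTEGER)")
    conn.executemany(
        "INSERT INTO top_issues VALUES (?, ?)",
        [(n, n) for n in range(1, rows + 1)],   # record n was checked out n times
    )
    return conn


def top_issues(conn, raw_limit):
    """Hardened query: the limit is validated, then passed as a bound parameter,
    so no part of the URL value is ever spliced into the SQL text."""
    limit = sanitize_limit(raw_limit)
    cur = conn.execute(
        "SELECT biblionumber, issues FROM top_issues ORDER BY issues DESC LIMIT ?",
        (limit,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for raw in ("10", "", "9999", "WHERE"):
        print(f"limit={raw!r:8} -> {len(top_issues(db, raw))} rows")
```

The four loop inputs mirror the four URLs in the test plan and yield 10, 10, 100 and 10 rows respectively.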
