projects / koha.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 17029: Fix XSS in catalogue/*detail.pl
[koha.git] / catalogue / detail.pl
diff --git a/catalogue/detail.pl b/catalogue/detail.pl
index 4917673..ebc138d 100755 (executable)
--- a/catalogue/detail.pl
+++ b/catalogue/detail.pl
@@ -19,6 +19,7 @@
 use Modern::Perl;
 
 use CGI qw ( -utf8 );
+use HTML::Entities;
 use C4::Acquisition qw( GetHistory );
 use C4::Auth;
 use C4::Koha;
@@ -58,6 +59,7 @@ my ( $template, $borrowernumber, $cookie, $flags ) = get_template_and_user(
 );
 
 my $biblionumber = $query->param('biblionumber');
+$biblionumber = HTML::Entities::encode($biblionumber);
 my $record       = GetMarcBiblio($biblionumber);
 
 if ( not defined $record ) {
Koha ILS @ FFZG - based on git://git.koha.org/pub/scm/koha.git