kohabug 2026 - HTML-escape comments
author Galen Charlton <galen.charlton@liblime.com>
Wed, 30 Apr 2008 22:09:14 +0000 (17:09 -0500)
committer Joshua Ferraro <jmf@liblime.com>
Thu, 1 May 2008 02:59:01 +0000 (21:59 -0500)
commit 60983cfeeec5de1f961228dfc3c59d96f8aa177e
tree 9d1ed9a4a466368400d35b2fae6ba8170672a5f6
parent 438ed2333787a37101ce5476dbd656005ab17537
kohabug 2026 - HTML-escape comments

This is a partial, perhaps temporary fix.  "<", ">",
and "&" characters in patron comments (AKA reviews)
are converted to "&lt;", "&gt;", and "&amp;" to avoid
certain attacks, e.g., a user entering a <script> tag
in a comment.

A more permanent fix should scrub all (or perhaps just
unsafe) tags from submitted comments entirely.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
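As an added illustration, not code from this Koha commit or its templates, the Perl below reproduces the three-character escaping the message describes and sets it beside a fuller variant that also escapes the two quote characters. The function names and the sample reviews are constructed here. The second sample shows why the partial escape is only safe when the reviewed text is emitted in ordinary element content: if a template ever placed the value inside an attribute, an unescaped double quote would let the review close the attribute and add its own event handler, with no "<" or ">" needed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Partial escape as described in the commit message: only <, > and &.
# (Hypothetical helper; Koha's templates do this in their own way.)
sub escape_partial {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;    # ampersand first, so the entities added below are not re-escaped
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# Fuller escape: the same three characters plus both quote characters,
# which is what makes the value safe inside a quoted attribute as well.
sub escape_full {
    my ($s) = @_;
    $s = escape_partial($s);
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Constructed sample reviews (not real Koha data).
my @reviews = (
    'Great book! <script>alert(document.cookie)</script>',   # the attack the commit mentions
    'Tolkien & Lewis',                                       # benign, but must not become &Lewis
    q{" onmouseover="alert(1)},                              # attribute breakout: no angle brackets
);

for my $r (@reviews) {
    # Element content: the partial escape neutralises the <script> case.
    printf "content, partial : <p>%s</p>\n", escape_partial($r);
    # Attribute context: the partial escape leaves the breakout intact ...
    printf "attr,    partial : <div title=\"%s\">\n", escape_partial($r);
    # ... while the full escape keeps the whole value inside the attribute.
    printf "attr,    full    : <div title=\"%s\">\n\n", escape_full($r);
}
```

Running it prints, for the third review, `<div title="" onmouseover="alert(1)">` under the partial escape and `<div title="&quot; onmouseover=&quot;alert(1)">` under the full one, which is the difference a reviewer would want checked before treating the entity conversion as more than the partial fix the message calls it.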
koha-tmpl/intranet-tmpl/prog/en/modules/reviews/reviewswaiting.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-ISBDdetail.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-detail.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-review.tmpl
koha-tmpl/opac-tmpl/prog/en/modules/opac-showreviews.tmpl