http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652
--- Comment #39 from Jared Camins-Esakov <jcam...@cpbibliography.com> --- (In reply to comment #38) > Comment on attachment 12835 [details] > Bug 3652: close XSS vulnerabilities on biblionumber and authid > > About this patch, Jared, why do you add > || $query->param('bib'); > to opac-ISBD|MARCdetail.pl ? > I see it's in opac-detail, but it's an oldies and not goodies (in early > versions of Koha, biblionumber was sometimes written bib, bn, ... It has > been fixed, and I favour removing > || $query->param('bib'); > from opac-detail.pl, because we must not have param('bib') I wanted to make sure the behavior was identical, and I figured there must surely be a good reason for the $query->param('bib'). If you wanted to remove the || $query->param('bib') from all three files, I would not object at all. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/