http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015
Paul Poulain <paul.poul...@biblibre.com> changed:

           What    |Removed     |Added
----------------------------------------------------------------------------
            Status |Signed Off  |Failed QA

--- Comment #129 from Paul Poulain <paul.poul...@biblibre.com> ---
(In reply to Jared Camins-Esakov from comment #128)
> This is not a minor violation. As far as I can tell, there is unsanitized
> user input being run directly. Consider the following code:
<snip>
> I was unable to test this example, since I couldn't get MARC modification
> templates to work during a cursory test, but I'm sure you see my point.

I hadn't checked what the eval was related to, I assumed it was safe.
I agree with your point: failed QA, this could probably be exploited.

Jared, would you be pleased if the parameters were sanitized, even if the eval is still here?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
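The two options the comment weighs (keep the string eval but sanitize its parameters, or remove the eval) are illustrated below in an added, hypothetical Perl example. It is not Koha's code and not the snipped snippet from comment #128; the record layout, the function names apply_with_string_eval and apply_with_dispatch, and the operator names are all made up for the illustration. The first function shows the pattern QA objected to (template text compiled by a string eval), the second shows the usual fix, where the template supplies only data and the operator is looked up in a fixed allow-list, so there is nothing to sanitize.

```perl
#!/usr/bin/perl
# Hypothetical illustration, not Koha's code: a record-modification action
# whose parameters come from a user-editable template.
use strict;
use warnings;

# Constructed sample record: a flat hash of field/subfield => value.
my %record = ( '245a' => 'Perl Best Practices', '260c' => '2005' );

# --- Pattern the QA comment objects to: string eval over user-supplied text.
# Whatever is in $condition is compiled and run as Perl, so whoever edits the
# template decides what the server executes. "Sanitizing" here would mean
# proving a string is safe Perl, which is not a tractable check.
sub apply_with_string_eval {
    my ($rec, $condition, $field, $value) = @_;
    my $hit = eval $condition;        # e.g. "\$rec->{'260c'} eq '2005'"
    die "bad condition: $@" if $@;
    $rec->{$field} = $value if $hit;
    return $rec;
}

# --- Hardened form: no string eval at all. The template carries only data
# (field, operator name, literal argument); the operator name is resolved
# through a fixed table, and unknown names are rejected rather than interpreted.
my %OPERATORS = (
    'equals'   => sub { my ($lhs, $rhs) = @_; defined $lhs && $lhs eq $rhs },
    'contains' => sub { my ($lhs, $rhs) = @_; defined $lhs && index($lhs, $rhs) >= 0 },
    'exists'   => sub { my ($lhs) = @_; defined $lhs },
);

sub apply_with_dispatch {
    my ($rec, $cond, $field, $value) = @_;
    # $cond is a hash ref such as { field => '260c', op => 'equals', arg => '2005' }
    my $op = $OPERATORS{ $cond->{op} }
        or die "unknown operator '$cond->{op}'";
    my $hit = $op->( $rec->{ $cond->{field} }, $cond->{arg} );
    $rec->{$field} = $value if $hit;
    return $rec;
}

# Usage on the constructed record: a benign condition through each path.
my $r1 = apply_with_string_eval({ %record }, q{$rec->{'260c'} eq '2005'}, '500a', 'Checked');
print "string eval path set 500a to: $r1->{'500a'}\n";

my $r2 = apply_with_dispatch({ %record },
    { field => '260c', op => 'equals', arg => '2005' }, '500a', 'Checked');
print "dispatch path set 500a to: $r2->{'500a'}\n";

# An operator the table does not know is refused instead of being executed.
my $r3 = eval {
    apply_with_dispatch({ %record },
        { field => '260c', op => 'matches_regex', arg => '.' }, '500a', 'x');
};
print "dispatch path refused template: $@" unless defined $r3;
```

The point for review is that the second function has no parameter that needs sanitizing: the field name only indexes a hash, the argument is only ever passed to a comparison, and the operator name either matches a table key or the action fails closed. That is why reviewers usually prefer removing a string eval over trying to filter what reaches it.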