[Patches] [PATCH] [3.4.x] Bug 6628 fixing security vulnerability
koha-patchbot at kohaaloha.com
koha-patchbot at kohaaloha.com
Mon Nov 28 23:35:02 NZDT 2011
From: Chris Cormack <chrisc at catalyst.net.nz>
Date: Sat, 26 Nov 2011 07:39:51 +1300
Subject: [PATCH] [3.4.x] Bug 6628 fixing security vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Frère Sébastien Marie <semarie-koha at latrappe.fr>
- patch taken from master
- I also corrected two invalid calls to themelanguage (tests are not possible else)
---
help.pl | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/help.pl b/help.pl
index 7208a8a..bb9c043 100755
--- a/help.pl
+++ b/help.pl
@@ -32,13 +32,15 @@ our $refer = $query->param('url');
$refer = $query->referer() if !$refer || $refer eq 'undefined';
$refer =~ /koha\/(.*)\.pl/;
-my $from = "modules/help/$1.tt";
+my $file = $1;
+$file =~ s/[^a-zA-Z0-9_\-\/]*//g;
+my $from = "modules/help/$file.tt";
my $htdocs = C4::Context->config('intrahtdocs');
-my ( $theme, $lang ) = themelanguage( $htdocs, $from, "intranet", $query );
+my ( $theme, $lang ) = C4::Templates::themelanguage( $htdocs, $from, "intranet", $query );
unless ( -e "$htdocs/$theme/$lang/$from" ) {
$from = "modules/help/nohelp.tt";
- ( $theme, $lang ) = themelanguage( $htdocs, $from, "intranet", $query );
+ ( $theme, $lang ) = C4::Templates::themelanguage( $htdocs, $from, "intranet", $query );
}
my $template = C4::Templates->new('intranet', "$htdocs/$theme/$lang/$from");
$template->param( referer => $refer );
--
1.7.2.5
More information about the Patches
mailing list