
WebSearch: XSS and verbose improvements

Authored by Ludmila Marian <ludmila.marian@gmail.com> on Oct 18 2012, 10:02.

Description

WebSearch: XSS and verbose improvements

  • The use of the 'verbose' parameter for search pages is restricted to superadmins only, since it could expose potentially sensitive information, such as record IDs, even though record content would remain restricted.
  • External search XSS vulnerability fix (escapes strings when printing debug information via the 'verbose' parameter in the external search facility).

Details

Committed
Tibor Simko <tibor.simko@cern.ch>, Oct 18 2012, 15:57
Parents
R3600:4317389f0e07: Invenio v0.99.5

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:c11ccd29586b: WebSearch: XSS and verbose improvements (authored by Ludmila Marian <ludmila.marian@gmail.com>). Oct 18 2012, 15:57