Bug 24052: Add koha_xslt_security to koha-conf.xml
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 27 Feb 2020 08:02:03 +0000 (08:02 +0000)
committerMartin Renvoize <martin.renvoize@ptfs-europe.com>
Tue, 24 Mar 2020 10:42:23 +0000 (10:42 +0000)
The line for enabling the unsafe expand_entities option is commented out
and includes a warning to keep it like that ;)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

debian/templates/koha-conf-site.xml.in
etc/koha-conf.xml

index ded7ace..319f492 100644 (file)
@@ -426,5 +426,13 @@ __END_SRU_PUBLICSERVER__
     </repo>
  </plugin_repos>
 
+ <koha_xslt_security>
+ <!-- Uncomment the following entry ONLY when you explicitly want the XSLT
+      parser to expand entities like <!ENTITY secret SYSTEM "/etc/secrets">.
+      This is unsafe and therefore NOT recommended!
+     <expand_entities_unsafe>1</expand_entities_unsafe>
+ -->
+ </koha_xslt_security>
+
 </config>
 </yazgfs>
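Review bot: In the added `<koha_xslt_security>` block the warning text and the disabled `<expand_entities_unsafe>` element sit inside one comment, so there is no clean way to "uncomment the following entry": removing the `<!--` and `-->` delimiters leaves free text and a literal `<!ENTITY ...>` declaration in element content, which is not well-formed XML. I would close the warning comment before the element and give the element its own one-line comment, `<!-- <expand_entities_unsafe>1</expand_entities_unsafe> -->`. The warning could also say in one clause what is at stake, e.g. `(entity expansion can pull local files into XSLT output)`, so an administrator does not have to infer it from the example; confirm that wording against the code that reads this setting, which is outside this diff. The same block is repeated in the second hunk (the other of the two listed files) and needs the same change.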
index 519a9cc..5be267d 100644 (file)
@@ -250,5 +250,13 @@ __PAZPAR2_TOGGLE_XML_POST__
     </repo>
  </plugin_repos>
 
+ <koha_xslt_security>
+ <!-- Uncomment the following entry ONLY when you explicitly want the XSLT
+      parser to expand entities like <!ENTITY secret SYSTEM "/etc/secrets">.
+      This is unsafe and therefore NOT recommended!
+     <expand_entities_unsafe>1</expand_entities_unsafe>
+ -->
+ </koha_xslt_security>
+
 </config>
 </yazgfs>