Bug 13425 - XSS in opac facets - Patch for 3.16
author Chris Cormack <chrisc@catalyst.net.nz>
Tue, 9 Dec 2014 23:47:30 +0000 (12:47 +1300)
committer Mason James <mtj@kohaaloha.com>
Wed, 10 Dec 2014 03:54:10 +0000 (16:54 +1300)
commit 30ca6c1d0eaf15ffc4339cb20595241182b9cdae
tree 0ff1dc660e967ea61cefaafabbdd6e98cd527cdd
parent 6073d8943c74dcb2319fbd8415f819521d5b1092
Bug 13425 - XSS in opac facets - Patch for 3.16

To Test
1/ Craft a url like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123

It is important it must return results and facets

2/ Notice the js is executed
3/ Apply the patch, test again

Test this one both in prog and bootstrap please

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
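
The test plan above can be turned into an offline regression check. The following is an added example, not code from this commit or from Koha: the facet link markup and the function names are assumptions made for illustration, and the escaped variant shows generic output encoding rather than the change the patch makes to facets.inc.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# sort_by value taken from the test plan in the commit message.
PAYLOAD = "'\"><script>prompt('Happy_Holidays')</script>"
BASE = "/cgi-bin/koha/opac-search.pl"

def facet_link_unescaped(q, sort_by, limit):
    # Assumed pre-patch shape: request values pasted straight into the href.
    return '<a href="%s?q=%s&sort_by=%s&limit=%s">%s</a>' % (BASE, q, sort_by, limit, limit)

def facet_link_escaped(q, sort_by, limit):
    # Percent-encode each value for the query string, then HTML-escape the
    # finished URL for the attribute and the label for the element body.
    url = "%s?q=%s&sort_by=%s&limit=%s" % (
        BASE, quote(q, safe=""), quote(sort_by, safe=""), quote(limit, safe=""))
    return '<a href="%s">%s</a>' % (escape(url, quote=True), escape(limit))

class _Tags(HTMLParser):
    """Records every start tag and the href of each <a> in a fragment."""
    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href", ""))

def _parse(markup):
    p = _Tags()
    p.feed(markup)
    p.close()
    return p

def injected_tags(markup):
    """Start tags other than the one expected <a>; empty means no breakout."""
    return [t for t in _parse(markup).tags if t != "a"]

def reflected_sort_by(markup):
    """sort_by value sent back to the server when the facet link is followed."""
    return parse_qs(urlsplit(_parse(markup).hrefs[0]).query).get("sort_by", [""])[0]

if __name__ == "__main__":
    for build in (facet_link_unescaped, facet_link_escaped):
        print(build.__name__, injected_tags(build("123", PAYLOAD, "123")))
```

An empty list from injected_tags means the value stayed inside the href attribute; reflected_sort_by confirms the encoded link still carries the original sort_by value unchanged.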