Bug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
parent
b90662073f
commit
357d51c8c4
1 changed files with 3 additions and 3 deletions
|
@ -133,7 +133,7 @@ function reloadPage(p) {
|
|||
[% END %]
|
||||
<li>
|
||||
<label for="profile" class="required">Profile name: </label>
|
||||
<input type="text" name="profile" id="profile" value="[% csv_profile.profile %]" class="required">
|
||||
<input type="text" name="profile" id="profile" value="[% csv_profile.profile | html %]" class="required">
|
||||
<span class="required">Required</span>
|
||||
</li>
|
||||
<li>
|
||||
|
@ -175,7 +175,7 @@ function reloadPage(p) {
|
|||
</li>
|
||||
<li>
|
||||
<label for="description">Profile description: </label>
|
||||
<textarea cols="50" rows="2" name="description" id="description">[% csv_profile.description %]</textarea>
|
||||
<textarea cols="50" rows="2" name="description" id="description">[% csv_profile.description | html %]</textarea>
|
||||
</li>
|
||||
<li>
|
||||
<label for="csv_separator">CSV separator: </label>
|
||||
|
@ -240,7 +240,7 @@ function reloadPage(p) {
|
|||
[% IF op == 'delete_confirm' %]
|
||||
<div class="dialog alert">
|
||||
[% IF csv_profile %]
|
||||
<h3>Delete CSV Profile "[% csv_profile.profile %]?"</h3>
|
||||
<h3>Delete CSV Profile "[% csv_profile.profile | html %]?"</h3>
|
||||
<form action="/cgi-bin/koha/tools/csv-profiles.pl" method="post">
|
||||
<input type="hidden" name="op" value="delete_confirmed" />
|
||||
<input type="hidden" name="export_format_id" value="[% csv_profile.export_format_id %]" />
|
||||
|
|
Loading…
Reference in a new issue