Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 17028: Fix XSS in reserve/request.pl

Browse source 
Test plan:
Hit
  /cgi-bin/koha/reserve/request.pl?biblionumber=1"><script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This commit is contained in:
Jonathan Druart 2016-08-02 15:41:49 +01:00 committed by Brendan Gallagher
parent c6d3e5a50b
commit 66f81fc210
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
reserve/request.pl
View file

@ -212,6 +212,7 @@ my $borrowerinfo = GetMember( borrowernumber => $borrowernumber_hold );
my $itemdata_enumchron = 0;
my @biblioloop = ();
foreach my $biblionumber (@biblionumbers) {
next unless $biblionumber =~ m|^\d+$|;
my %biblioloopiter = ();