Bug 19127: Fix Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add text containing JS to the Profile name, Profile description,
   and Profile MARC fields
3. Save the page.
4. Notice the JS is executed
5. Apply the patch and reload; the JS is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amit Gupta 2017-08-16 17:56:17 +05:30 committed by Jonathan Druart
parent 914577fdb7
commit b90662073f


@ -279,9 +279,9 @@ function reloadPage(p) {
[% FOREACH csv_profile IN csv_profiles %] [% FOREACH csv_profile IN csv_profiles %]
<tr> <tr>
<td>[% csv_profile.export_format_id %]</td> <td>[% csv_profile.export_format_id %]</td>
<td>[% csv_profile.profile %]</td> <td>[% csv_profile.profile |html %]</td>
<td>[% csv_profile.description %]</td> <td>[% csv_profile.description |html %]</td>
<td>[% csv_profile.content %]</td> <td>[% csv_profile.content |html %]</td>
<td>[% csv_profile.csv_separator %]</td> <td>[% csv_profile.csv_separator %]</td>
<td>[% PROCESS type_description type_code = csv_profile.type %]</td> <td>[% PROCESS type_description type_code = csv_profile.type %]</td>
<td>[% PROCESS used_for_description used_for_code = csv_profile.used_for %]</td> <td>[% PROCESS used_for_description used_for_code = csv_profile.used_for %]</td>
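Review bot: `csv_profile.csv_separator` in the row directly below the three newly filtered cells is still emitted without `|html`; if the separator is taken from the same add form as profile, description and content (the test plan only covers those three), it should receive the same filter, otherwise a short comment recording why it is safe would help the next reviewer. The `|html` filter is the right fix for text inside a `<td>`, since it escapes `<`, `>`, `&` and `"`; `export_format_id` and the two `PROCESS` cells are left as-is, which is fine as long as they are not user-controlled strings.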