Bug 13510 : Fixing the third XSS issue

To test

1/ Make sure you have some items in your database, that have values in items.issue
If necessary do something like

UPDATE items SET issues = 10 WHERE itemnumber=somenumber

2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E

3/ Notice you will get a prompt
4/ Apply patch
5/ Test again

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Chris Cormack 2015-01-05 06:37:51 +00:00 committed by Tomas Cohen Arazi
parent 52fe123891
commit da6ee1c469


@ -49,7 +49,7 @@
[% branch %]
[% END %]
[% IF ( timeLimitFinite ) %]
in the past [% timeLimitFinite %] months
in the past [% timeLimitFinite |html %] months
[% ELSE %] of all time[% END %]
</caption>
<thead>
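
Review bot: The unchanged `[% branch %]` line at the top of this hunk sits in the same caption and is still emitted without `|html`; if that value can be influenced by a request parameter it needs the same filter as `timeLimitFinite`, so please confirm where it comes from or filter it here too. Separately, the template renders `timeLimitFinite` as a number of months, while the test plan passes markup in `timeLimit`. Escaping at output closes the reflected script, but rejecting non-integer values in opac-topissues.pl before they reach the template would also keep a malformed value out of anything else that consumes it.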