This is a bad one as we thought we were XSS safe since bug 13618.

The html code generated in C4::Output::pagination_bar must escape the variables and values correctly.

This patch needs to be widely tested, everywhere the pagination appears, to make sure we will not introduce regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

19.05.x
1 changed files with 5 additions and 1 deletions