Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc
Jonathan Druart f563ba795e Bug 17024: Fix XSS in tools/viewlog.pl 
Test plan:
    Hit /tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object=<script>alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 18:16:21 +00:00

38 lines
2.2 KiB
HTML
Raw Blame History

[% USE Biblio %]
[% SET biblio_object_id = object || biblionumber %]
<div id="menu">
<ul>
[% IF ( detailview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblio_object_id | url %]">Normal</a></li>
[% IF ( can_view_MARC ) %]
[% IF ( marcview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=[% biblio_object_id | url %]">MARC</a></li>
[% END %]
[% IF ( can_view_labeledMARC ) %]
[% IF ( labeledmarcview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=[% biblio_object_id | url %]">Labeled MARC</a></li>
[% END %]
[% IF ( can_view_ISBD ) %]
[% IF ( isbdview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=[% biblio_object_id | url %]">ISBD</a></li>
[% END %]
[% IF ( moredetailview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/moredetail.pl?biblionumber=[% biblio_object_id | url %]">Items</a></li>
[% IF ( CAN_user_reserveforothers ) %]
[% IF ( holdsview ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/reserve/request.pl?biblionumber=[% biblio_object_id | url %]">Holds ([% Biblio.HoldsCount( biblio_object_id ) %])</a></li>
[% END %]
[% IF ( EasyAnalyticalRecords ) %][% IF ( analyze ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% biblio_object_id | url %]&amp;analyze=1">Analytics</a></li>[% END %]
[% IF ( subscriptionsnumber ) %]<li><a href="/cgi-bin/koha/serials/serials-search.pl?searched=1&amp;biblionumber=[% biblio_object_id | url %]">Subscription(s)</a></li>[% END %]
</ul>
<ul>
[% IF ( issuehistoryview ) %]<li class="active">[% ELSE %]<li>[% END %]
<a href="/cgi-bin/koha/catalogue/issuehistory.pl?biblionumber=[% biblio_object_id | url %]" >Checkout history</a></li>
[% IF ( CAN_user_tools_view_system_logs ) %][% IF ( logview ) %]<li class="active">[% ELSE %]<li>[% END %]<a href="/cgi-bin/koha/tools/viewlog.pl?do_it=1&amp;modules=CATALOGUING&amp;action=MODIFY&amp;object=[% biblio_object_id | url %]">Modification log</a> </li>[% END %]
</ul>
</div>
View git blame Copy permalink