Main Koha release repository https://koha-community.org
Katrin Fischer 13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are no longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
acqui Bug 19195: Do not explicitely force scalar context when unecessary 2017-09-19 11:57:10 -03:00
admin Bug 10132: Admin pages changes 2017-09-19 09:47:27 -03:00
api/v1 Bug 18282: operationId must be unique 2017-09-21 12:02:39 -03:00
authorities Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies 2017-09-21 11:27:05 -03:00
catalogue Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19059: Fix compilation issues 2017-09-12 12:42:59 -03:00
clubs Bug 18632: Remove 'CGI::param called in list context' warnings 2017-05-28 22:25:22 -04:00
course_reserves Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item 2017-07-28 11:37:06 -03:00
debian Bug 18877: Add documentation on dbhost for koha-create help 2017-08-15 12:17:44 -03:00
docs Bug 7143: Add Patricio Marrone to history.txt 2017-03-31 13:45:33 +00:00
errors
etc Bug 18104 - allow SIP2 field AE (personal name ) to be customized 2017-07-06 14:52:54 -03:00
installer Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
Koha Bug 18137: (QA-follow-up) Fix pod fail 2017-09-21 11:27:05 -03:00
koha-tmpl Bug 19086: (follow-up) Fix Stored XSS in supplier.pl 2017-09-29 12:20:45 -03:00
labels Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
members Bug 12346: Display the correct number of pending patron modifications on the patron module home page 2017-09-12 12:08:45 -03:00
misc Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
offline_circ Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
OpenILS Bug 9239 QA follow-up: remove stray debug code 2013-03-16 21:32:34 -04:00
patron_lists
patroncards Bug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml) 2017-09-19 11:47:32 -03:00
plugins Bug 19088: plugins-upload causes error log noise 2017-08-30 15:05:56 -03:00
reports Bug 18742: (QA followup) Fix indentation 2017-09-19 09:06:13 -03:00
reserve Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel 2017-09-12 12:42:58 -03:00
reviews Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
rotating_collections Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
serials Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
services
skel
sms Bug 15258: Fix Perl scripts declaring unused variables 2015-12-30 17:24:45 -07:00
suggestion Bug 18839: Suggestion.pl spelling mistake 2017-07-13 16:42:04 -03:00
svc Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
t Bug 19385: Fix random t/Calendar.t failure - clear the cache before 2017-09-28 15:19:57 -03:00
tags Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
test
tmp/modified_authorities
tools Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
virtualshelves Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
xt Bug 19262: Remove xt/author/pod_spell.t 2017-09-12 11:30:07 -03:00
.editorconfig
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap Update mailmap - Jonathan Druart 2017-06-21 12:42:19 -03:00
about.pl Bug 18931 - Follow up - Typo fix in SQL statement 2017-07-26 13:50:56 -03:00
changelanguage.pl Bug 16776: Do not forget external language choice in language switcher 2016-08-10 13:51:33 +00:00
edithelp.pl Bug 16447: Remove occurrence of the borrow permission which does no longer exist 2016-05-05 21:28:14 +00:00
fix-perl-path.PL
help.pl Bug 16724: Fix link to the online documentation links 2016-06-24 12:00:42 +00:00
INSTALL Bug 17626: Remove existing install instructions and link to the wiki pages instead 2016-11-22 11:29:07 +00:00
install-CPAN.pl
Koha.pm Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
koha_perl_deps.pl Bug 17990: Refactor Perl module versions check 2017-02-17 12:13:44 +00:00
kohaversion.pl
LICENSE
mainpage.pl Bug 18432 : Follow up - Updating to use they/them 2017-04-21 10:56:43 -04:00
Makefile.PL Bug 19067: Map clubs/ into INTRANET_CGI_DIR in Makefile.PL 2017-08-10 11:25:33 -03:00
MANIFEST.SKIP
README
README.md Bug 15465: Fix typo in bugs.k-c.org 2017-05-26 11:45:31 -03:00
README.robots
rewrite-config.PL Bug 15427 : Enable TLS support for MySQL 2017-03-03 18:33:07 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
