Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Katrin Fischer 13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are no longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
..
acqui Bug 19086: (follow-up) Fix Stored XSS in supplier.pl 2017-09-29 12:20:45 -03:00
admin Bug 10132: (QA followup) Open LOC URL on a separate window 2017-09-19 09:47:28 -03:00
authorities Bug 17380: [QA Follow-up] Report error to user instead of throwing exception 2017-09-12 12:07:48 -03:00
basket Bug 12644 - Add subtitles to staff client cart 2017-08-15 12:17:45 -03:00
batch
catalogue Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt 2017-09-12 10:16:20 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19086: Fix Stored XSS in circulation.pl 2017-09-29 12:20:44 -03:00
clubs Bug 19215: Fixing typo in URL for patron clubs 2017-09-06 12:55:23 -03:00
common Bug 13835: Popup with searches: results hidden by language menu in footer 2017-04-28 08:35:30 -04:00
course_reserves Bug 19228: Trigger confirm delete when removing item from course 2017-09-07 13:56:38 -03:00
errors
help Bug 18817: Update links manually 2017-08-25 10:22:14 -03:00
installer Bug 18629: (followup) Plain text "Continue..." instead of BLOCK 2017-08-30 16:43:34 -03:00
labels Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00
members Bug 19086: Fix Stored XSS in members/member.pl 2017-09-29 12:20:44 -03:00
offline_circ
onboarding Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt 2017-08-30 16:43:35 -03:00
patron_lists Bug 18871: Make patron list name a link to view contents of list 2017-08-30 16:51:21 -03:00
patroncards Bug 18541 - Patron card creator: Add a grid to support layout design 2017-09-19 11:47:32 -03:00
plugins Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
reports Bug 19054 - XSS Flaws in Report - Top Most-circulated items 2017-08-29 12:00:37 -03:00
reserve Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff 2017-09-01 13:00:05 -03:00
reviews
rotating_collections
serials Bug 19086: Fix Stored XSS in subscription-add.pl 2017-09-29 12:20:45 -03:00
services
sms
suggestion Bug 18581 - Add standard edit and delete buttons to suggestions list 2017-08-25 10:59:04 -03:00
tags Bug 5471 - Quotes in tags fail 2017-08-10 13:20:31 -03:00
test
tools Bug 14316: Clarify meaning of record number in Batch record modification tool 2017-09-01 13:02:26 -03:00
virtualshelves Bug 18980: Show distinction between shared and private lists in staff 2017-08-10 13:20:31 -03:00
about.tt Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
auth.tt Bug 18314 (QA Followup) Use OpacBaseURL for password reset link 2017-05-12 10:59:10 -04:00
intranet-main.tt Bug 19041: (bug 17855 follow-up) Fix regression on bug 16058 2017-08-08 09:20:35 -03:00