Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Amit Gupta 26864e9f6f Bug 19611: Fix XSS Flaws in supplier.pl
Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field Name that contains JavaScript
3. Save the page.
4. Notice js is executed
5. Apply patch and reload: the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-09 16:02:00 -03:00
acqui Bug 19611: Fix XSS Flaws in supplier.pl 2018-01-09 16:02:00 -03:00
admin Bug 19914: Add an id to the Delete button on the library list view 2018-01-08 14:23:52 -03:00
authorities Bug 18422 - Add Select2 to authority editor 2017-09-29 16:49:48 -03:00
basket Bug 19356: Move staff client cart JavaScript to the footer 2017-10-20 16:54:29 -03:00
batch
catalogue Bug 19706: (QA follow-up) Hide the collection code selector if no value is defined (for consistency) 2017-12-18 12:16:25 -03:00
cataloguing Bug 19623: (QA follow-up) Add missing footerjs variable in merge.tt 2017-12-26 12:52:33 -03:00
circ Bug 19744: Move template JavaScript to the footer: Offline circulation 2017-12-22 13:15:39 -03:00
clubs Bug 19627: (follow-up) Include tools-menu.js on required templates 2017-12-14 16:58:14 -03:00
common Bug 13835: Popup with searches: results hidden by language menu in footer 2017-04-28 08:35:30 -04:00
course_reserves Bug 15378: Allow removal of lost items from course reserves 2018-01-02 11:46:41 -03:00
errors Bug 16270: Typo authentification/authentication 2016-04-29 14:44:26 +00:00
help Bug 19096: Online help changes 2017-12-07 14:44:15 -03:00
ill Bug 7317: Display all the libraries, not only one 2017-11-09 13:31:10 -03:00
installer Bug 18819: "UNIMARC is used in Europe" text changed to "UNIMARC is used in a few European countries" 2017-12-20 13:34:10 -03:00
labels Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00
members Bug 19612: Fix XSS in members/memberentry.pl 2018-01-09 16:01:50 -03:00
offline_circ Bug 19744: Move template JavaScript to the footer: Offline circulation 2017-12-22 13:15:39 -03:00
onboarding Bug 19514: Add client-side check 2017-12-14 16:58:13 -03:00
patron_lists Bug 19647: Move patron lists templates JS to the footer 2017-12-11 11:34:20 -03:00
patroncards Bug 18528: Patron card creator template: switch form fields for card height and card width 2017-10-09 16:15:52 -03:00
plugins Bug 19710: Move plugins templates javascript to the footer 2017-12-11 11:34:23 -03:00
reports Bug 19669: Remove deprecated checkouts by patron category report 2017-12-21 11:55:14 -03:00
reserve Bug 19300: Replace C4::Reserves::OPACItemHoldsAllowed 2018-01-02 11:46:39 -03:00
reviews Bug 19663: Move JS to the footer: Reports 2017-12-14 16:58:22 -03:00
rotating_collections Bug 19656: Move rotating collections templates JS to the footer 2017-12-11 11:34:22 -03:00
serials Bug 19767: Remove unused serial-issues.pl script 2017-12-14 16:58:39 -03:00
services Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
suggestion Bug 19659: Move JS to the footer: Suggestions and tags 2017-12-11 11:34:22 -03:00
tags Bug 19659: Move JS to the footer: Suggestions and tags 2017-12-11 11:34:22 -03:00
test
tools Bug 18201: Export data -Fix "Remove non-local items" option and add "Removes non-local records" option for existing functionality 2017-12-21 13:10:03 -03:00
virtualshelves Bug 19658: Style fix for staff client lists page 2017-12-20 13:34:10 -03:00
about.tt Bug 7143: Update about page for new dev - Isabel Grubi 2017-12-20 13:52:44 -03:00
auth.tt Bug 18314 (QA Followup) Use OpacBaseURL for password reset link 2017-05-12 10:59:10 -04:00
intranet-main.tt Bug 19860: Make staff client home page responsive 2017-12-26 12:52:34 -03:00