Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui
Amit Gupta 26864e9f6f Bug 19611: Fix XSS Flaws in supplier.pl
Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add text in the field Name that contains JavaScript
3. Save the page.
4. Notice the js is executed
5. Apply the patch and reload; the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-09 16:02:00 -03:00
..
csv Bug 18331: POST_CHOMP everywhere! 2017-08-15 12:17:41 -03:00
tables
acqui-home.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
addorder.tt
addorderiso2709.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
ajax.tt
basket.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
basketgroup.tt
basketheader.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
booksellers.tt Bug 19611: Fix XSS Flaws in supplier.pl 2018-01-09 16:02:00 -03:00
cancelorder.tt Bug 13208: Display complete breadcrumbs on successful deletion 2017-10-09 14:14:54 -03:00
edi_ean.tt
edifactmsgs.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
edimsg.tt
histsearch.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
invoice-files.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
invoice.tt Bug 19753: Move template JavaScript to the footer: Acquisitions 2017-12-22 13:15:40 -03:00
invoices.tt Bug 19429: Rename .delete to .delete_invoice 2017-12-21 13:21:13 -03:00
lateorders.tt
modordernotes.tt
neworderbiblio.tt Bug 17182: Allow Keyword to MARC mapping for acquisitions searches 2017-12-11 14:30:43 -03:00
neworderempty.tt Bug 18525: (bug 14828 follow-up) FIX ordering from suggestion when item-level_itypes = biblio 2017-05-12 08:50:40 -04:00
neworderempty_duplicate.tt
newordersubscription.tt
newordersuggestion.tt Bug 17899 - Show only mine does not work in newordersuggestion.pl 2017-01-20 14:10:36 +00:00
ordered.tt
orderreceive.tt Bug 19114 - Stored XSS in parcels.pl 2017-08-29 12:00:37 -03:00
parcel.tt Bug 15685: Allow creation of items (AcqCreateItem) to be customizable per-basket 2017-10-11 13:06:06 -03:00
parcels.tt Bug 19114 - Stored XSS in parcels.pl 2017-08-29 12:00:37 -03:00
spent.tt
supplier.tt Bug 19611: Fix XSS Flaws in supplier.pl 2018-01-09 16:02:00 -03:00
transferorder.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
uncertainprice.tt Bug 15685: Allow creation of items (AcqCreateItem) to be customizable per-basket 2017-10-11 13:06:06 -03:00
z3950_search.tt Bug 17487: Styling moved from style attribute into staff-global.css 2017-01-20 14:11:55 +00:00