Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui
Katrin Fischer 13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are no longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
..
csv Bug 18331: POST_CHOMP everywhere! 2017-08-15 12:17:41 -03:00
tables
acqui-home.tt
addorder.tt
addorderiso2709.tt Bug 15503 (QA Followup) 2017-02-14 15:11:03 +00:00
ajax.tt
basket.tt Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername' 2017-09-19 11:47:33 -03:00
basketgroup.tt
basketheader.tt Bug 19112 - Stored XSS in basketheader.pl page 2017-08-29 12:00:37 -03:00
booksellers.tt Bug 19112 - Stored XSS in basketheader.pl page 2017-08-29 12:00:37 -03:00
cancelorder.tt
edi_ean.tt
edifactmsgs.tt
edimsg.tt
histsearch.tt
invoice-files.tt
invoice.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
invoices.tt Bug 19052 - XSS Flaws in - Invoice search page 2017-08-29 12:00:37 -03:00
lateorders.tt
modordernotes.tt
neworderbiblio.tt
neworderempty.tt Bug 18525: (bug 14828 follow-up) FIX ordering from suggestion when item-level_itypes = biblio 2017-05-12 08:50:40 -04:00
neworderempty_duplicate.tt
newordersubscription.tt
newordersuggestion.tt
ordered.tt
orderreceive.tt Bug 19114 - Stored XSS in parcels.pl 2017-08-29 12:00:37 -03:00
parcel.tt Bug 19114 - Stored XSS in parcels.pl 2017-08-29 12:00:37 -03:00
parcels.tt Bug 19114 - Stored XSS in parcels.pl 2017-08-29 12:00:37 -03:00
spent.tt
supplier.tt Bug 19086: (follow-up) Fix Stored XSS in supplier.pl 2017-09-29 12:20:45 -03:00
transferorder.tt Bug 11122: Follow up - Fix some display issues and typos 2017-06-05 11:48:16 -03:00
uncertainprice.tt Bug 18652: Get rid of tt directive in translation for uncertainprice.tt 2017-08-30 16:43:35 -03:00
z3950_search.tt Bug 17487: Styling moved from style attribute into staff-global.css 2017-01-20 14:11:55 +00:00