Koha/C4
Jonathan Druart f021ca30a5 Bug 22478: Prevent XSS vulnerabilities when pagination appears
This is a bad one as we thought we were XSS safe since bug 13618.

The html code generated in C4::Output::pagination_bar must escape the
variables and values correctly.

This patch needs to be widely tested, everywhere the pagination appears,
to make sure we will not introduce regressions.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-02 13:40:26 +00:00
AuthoritiesMarc
Barcodes Bug 21937: Syspref autoBarcode annual doesn't increment properly barcode 2019-04-19 14:32:36 +00:00
ClassSortRoutine
ClassSplitRoutine Bug 15836: Add the ability to defined custom methods to split call number in labels 2018-11-13 15:18:22 +00:00
Creators Bug 15766: Fix incorrect GROUP BY 2018-10-24 17:15:36 +00:00
External Bug 22010: Check preferences for ebook integration 2019-04-30 11:42:51 +00:00
Form
Heading Bug 21826: (QA follow-up) Add UNIMARC support 2019-01-25 20:13:39 +00:00
ILSDI Bug 15496: (QA follow-up) Fix new uses of Koha::Biblio::items in list context 2019-04-26 12:07:04 +00:00
Installer Bug 22474: Clone field config before adding fields to it 2019-04-16 13:17:32 +00:00
Labels Bug 15836: Add the ability to defined custom methods to split call number in labels 2018-11-13 15:18:22 +00:00
Linker
Members
OAI
Output
Patroncards Bug 22429: Infinite loop in patron card printing 2019-03-15 11:59:28 +00:00
Reports Bug 22357: Do not duplicate report rows if several reports exist 2019-04-30 11:35:23 +00:00
Search
Serials
SIP Revert "Bug 15253: Add Koha::Logger based logging for SIP2" 2019-04-18 17:57:51 +00:00
Utils Bug 17353: Add phone number column to checkout search 2019-01-28 13:06:35 +00:00
Accounts.pm Bug 22600: Update Tests adding 'interface' as needed 2019-04-10 19:43:11 +00:00
Acquisition.pm Bug 21364: (QA follow-up) Fix QA script complaints (tabs and filters) 2019-04-30 12:45:42 +00:00
Auth.pm Bug 22692: Check for patron using cardnumber and userid 2019-05-02 13:39:06 +00:00
Auth_cas_servers.yaml.sample
Auth_with_cas.pm
Auth_with_ldap.pm Bug 22461: (follow-up) Use exists not defined 2019-04-26 17:51:09 +00:00
Auth_with_shibboleth.pm Bug 18507: Shibboleth auto-provisioning - Sync 2018-11-08 20:43:32 +00:00
AuthoritiesMarc.pm Bug 21962: Fix authority search using 'all' 2018-12-11 19:15:39 +00:00
BackgroundJob.pm
Barcodes.pm
Biblio.pm Bug 8995: (follow-up) Add tests, move open_url/coins routines to Koha namespace 2019-04-29 15:34:10 +00:00
Bookseller.pm
Boolean.pm
Breeding.pm Bug 22532: Remove Z39.50 random 2019-04-18 10:48:10 +00:00
Budgets.pm Bug 10577: (QA follow-up) Remove tab chars 2019-03-28 12:46:14 +00:00
Calendar.pm
Charset.pm
Circulation.pm Bug 15496: (QA follow-up) Fix remaining cases 2019-04-26 17:52:53 +00:00
ClassSortRoutine.pm
ClassSource.pm Bug 15836: Remove deprecated subroutines 2018-11-13 18:56:18 +00:00
ClassSplitRoutine.pm Bug 15836: Add the ability to defined custom methods to split call number in labels 2018-11-13 15:18:22 +00:00
Context.pm Bug 22600: Add 'cron' to interface types and set appropriately 2019-04-10 19:43:11 +00:00
Contract.pm
CourseReserves.pm Bug 21206: Replace C4::Items::GetItem 2019-02-26 13:24:07 +00:00
Creators.pm
Debug.pm
Heading.pm Bug 21826: Remove strict and warning from Heading.pm 2019-01-25 20:13:41 +00:00
HoldsQueue.pm Bug 22330: Cache item and library objects when building the holds queue 2019-03-21 16:22:56 +00:00
HTML5Media.pm Bug 21742: Fix YouTube variable propagation 2018-11-01 18:59:33 +00:00
Images.pm Bug 21987: Do not generate true color thumbnails if not needed 2019-03-15 12:19:56 +00:00
ImportBatch.pm Bug 22532: Remove Z39.50 random 2019-04-18 10:48:10 +00:00
ImportExportFramework.pm Bug 18143: Silence ods MARC framework export flood 2019-02-19 13:52:15 +00:00
InstallAuth.pm
Installer.pm Bug 22472: Make column_exists early return if the table does not exist 2019-04-11 13:34:10 +00:00
ItemCirculationAlertPreference.pm
Items.pm Bug 14576: (follow-up) Using item objects, not hashrefs 2019-04-25 11:36:24 +00:00
Koha.pm
Labels.pm
Languages.pm Bug 18213: Add Template plugin and fix for C4/Languages 2019-03-28 15:57:32 +00:00
Letters.pm Bug 8000: (QA follow-up) Two lastminute fixes 2019-04-29 15:08:47 +00:00
Linker.pm
Log.pm Bug 22600: Add 'interface' to accountlines 2019-04-10 19:43:11 +00:00
MarcModificationTemplates.pm
Matcher.pm Bug 19365: Fix several issues with the Elasticsearch code 2018-11-26 16:11:01 +00:00
Members.pm Bug 19920: Removed unnecessary code from C4/Members.pm 2019-01-25 16:11:48 +00:00
Message.pm Bug 21206: Replace C4::Items::GetItem 2019-02-26 13:24:07 +00:00
NewsChannels.pm
Output.pm Bug 22478: Prevent XSS vulnerabilities when pagination appears 2019-05-02 13:40:26 +00:00
Overdues.pm Bug 22521: (QA follow-up) Corrections to tests 2019-04-17 16:49:36 +00:00
Patroncards.pm
Print.pm
Record.pm Bug 14385: Squash of a lot of patches rebased 2018-11-02 10:33:12 +00:00
Reports.pm
Reserves.pm Bug 14576: (follow-up) Using item objects, not hashrefs 2019-04-25 11:36:24 +00:00
Ris.pm
RotatingCollections.pm
Scheduler.pm
Scrubber.pm
Search.pm Bug 22695: Remove non-XSLT search results view from the staff client 2019-04-16 13:17:32 +00:00
Serials.pm Bug 22237: Subscriptions are not linked to Mana upon edit 2019-03-15 11:34:03 +00:00
Service.pm
ShelfBrowser.pm
SMS.pm
SocialData.pm
Stats.pm Bug 21683: Remove accountlines.accountno 2019-03-21 18:19:22 +00:00
Suggestions.pm Bug 21241: (follow-up) Made SQL change idempotent 2019-01-28 11:42:32 +00:00
Tags.pm
Templates.pm
TmplToken.pm
TmplTokenType.pm
TTParser.pm
UsageStats.pm Bug 14576: Allow arbitrary automatic update of location on checkin 2019-04-25 11:36:23 +00:00
XISBN.pm Bug 21235: Remove table services_throttle 2018-09-07 15:09:39 +00:00
XSLT.pm Bug 8995: (QA follow-up) Mock required sysprefs in the tests 2019-04-30 14:44:44 +00:00