Main Koha release repository https://koha-community.org
Chris Cormack 4e817ee04c Bug 16587 opac-sendshelf.pl is vulnerable to XSS
To test
1/ Hit a URL like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
acqui Bug 15531: (QA followup) Fix several small issues 2016-04-29 13:07:18 +00:00
admin Bug 16259: Replace CGI->param with CGI->multi_param in list context - part 2 2016-05-16 17:28:06 +00:00
api/v1 Bug 13903: (QA followup) change routes to /holds 2016-05-04 13:54:01 +00:00
authorities Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
basket Bug 16447: Remove occurrence of the borrow permission which does no longer exist 2016-05-05 21:28:14 +00:00
C4 Bug 13669: followup to add DBIx::RunSQL dependency 2016-05-25 09:57:31 +00:00
catalogue Bug 16259: Replace CGI->param with CGI->multi_param in list context - part 2 2016-05-16 17:28:06 +00:00
cataloguing Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
circ Bug 16499 [QA Followup] - Improve readability 2016-05-23 17:34:29 +00:00
course_reserves Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
debian Updating the Debian/control 2016-05-25 20:25:23 +00:00
docs
errors
etc Bug 15555: Index 024$a into Identifier-other:u url register when source $2 is uri 2016-04-29 13:19:28 +00:00
install_misc Bug 15303 Letsencrypt option for Debian package installations 2016-04-29 13:04:31 +00:00
installer Bug 13669: (alternative) use DBIx::RunSQL 2016-05-23 16:47:32 +00:00
Koha Bug 16539 - Koha::Cache is incorrectly caching single holidays 2016-05-23 16:48:57 +00:00
koha-tmpl Bug 16587 opac-sendshelf.pl is vulnerable to XSS 2016-05-25 22:14:33 +00:00
labels Bug 16154: CGI->multi_param - Assign a list 2016-04-26 23:16:43 +00:00
members Bug 15823: Can still access patron discharge slip without having the syspref on 2016-05-06 04:20:48 +00:00
misc Bug 16505: Make sure $as_xml will not be used later 2016-05-23 17:29:23 +00:00
offline_circ Bug 15764: Fix timestamp sent by KOCT 2016-02-23 20:53:18 +00:00
opac Bug 16476: Do not call CGI->param in list context, some more 2016-05-16 17:11:46 +00:00
OpenILS
patron_lists Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
patroncards Bug 15414: Silencing warns triggered by creating a new layout in patron card creator 2016-04-29 11:35:39 +00:00
plugins
reports Bug 11371 - Add a new report : Orders by fund with more options 2016-04-29 12:20:25 +00:00
reserve Bug 15533 [QA Followup] - Itemtype limit missing from tables 2016-04-29 10:26:04 +00:00
reviews
rotating_collections
selenium
serials Bug 16154: Fix some other occurrences 2016-04-26 23:16:44 +00:00
services
skel
sms
suggestion Bug 16154: CGI->multi_param - Declare a list 2016-04-26 23:16:42 +00:00
svc Bug 16259: Replace CGI->param with CGI->multi_param in list context - part 2 2016-05-16 17:28:06 +00:00
t Bug 15878 - Updated unit tests for hbyymmincr barcodes 2016-05-23 17:42:10 +00:00
tags Bug 16154: CGI->multi_param - Assign a list 2016-04-26 23:16:43 +00:00
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 16550: Clean the tests 2016-05-23 17:37:48 +00:00
virtualshelves Bug 16484 - Virtualshelves: Using no XSLTResultsDisplay breaks content display in intranet 2016-05-23 17:25:24 +00:00
xt Bug 16174: (QA followup) Fix remaining tests 2016-04-01 19:11:33 +00:00
.editorconfig
.htaccess
.mailmap
about.pl Bug 12721 - Syspref StatisticsFields: Warning on About page and text change in System preferences 2016-04-29 02:48:30 +00:00
changelanguage.pl
edithelp.pl Bug 16447: Remove occurrence of the borrow permission which does no longer exist 2016-05-05 21:28:14 +00:00
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
INSTALL.debian
INSTALL.fedora7 Bug 13642 - Remove MARC::Crosswalk::DublinCore from Koha 2016-01-27 06:23:08 +00:00
INSTALL.opensuse
INSTALL.ubuntu
Koha.pm Bug 15086 - DBRev 3.23.00.064 2016-05-16 17:39:40 +00:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
Makefile.PL Bug 16222: (QA followup) Add /api dir for the API 2016-04-20 21:18:36 +00:00
MANIFEST.SKIP
README
README.md Bug 15465 [QA Followup] - Update wording, switch logo, add links 2016-02-24 04:02:26 +00:00
README.robots
rewrite-config.PL Bug 16222: (QA followup) Add /api dir for the API 2016-04-20 21:18:36 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developer's handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
