Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/circ
History
Chris Cormack 50dcae4b50 Bug 19086: Fix Stored XSS in circulation.pl 
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:44 -03:00
..
article-requests.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
bookcount.tt Bug 15758: Koha::Libraries - Remove GetBranches 2016-09-08 14:36:03 +00:00
branchoverdues.tt Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate 2017-03-03 18:34:36 +00:00
branchtransfers.tt Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate 2017-03-03 18:34:36 +00:00
circulation-home.tt Bug 16530: Add a new method to the Branches TT Plugin to avoid c/p 2017-03-03 18:34:36 +00:00
circulation.tt Bug 19086: Fix Stored XSS in circulation.pl 2017-09-29 12:20:44 -03:00
circulation_batch_checkouts.tt Bug 18276: Remove GetBiblioFromItemNumber - circulation pages 2017-07-10 12:09:24 -03:00
offline-mf.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
offline.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
on-site_checkouts.tt Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate 2017-03-03 18:34:36 +00:00
overdue.tt Bug 8548: Add datatable to circ overdue report, remove sortby filter 2017-03-31 12:35:47 +00:00
pendingreserves.tt Bug 18641 - Translatability: Get rid of template directives in translations for *reserves.tt files 2017-06-09 10:03:55 -03:00
printslip.tt Bug 17014 - Remove more event attributes from patron templates 2017-03-31 14:33:51 +00:00
renew.tt Bug 15582: Ability to block auto renewals if OPACFineNoRenewals is reached 2017-05-09 21:05:29 +00:00
request-article.tt Bug 16239: Update templates 2017-01-13 14:41:22 +00:00
reserveratios.tt Bug 16241 - Move staff client CSS out of language directory 2016-04-29 13:54:37 +00:00
returns.tt Bug 18966: Do not deal with duplicate issue_id on checkin 2017-07-26 13:50:57 -03:00
selectbranchprinter.tt Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate 2017-03-03 18:34:36 +00:00
transfer-slip.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
transferstoreceive.tt Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate 2017-03-03 18:34:36 +00:00
view_holdsqueue.tt Bug 18881: [QA Follow-up] Remove even more 2017-07-06 14:29:04 -03:00
waitingreserves.tt Bug 18641 - Translatability: Get rid of template directives in translations for *reserves.tt files 2017-06-09 10:03:55 -03:00