Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendshelfform.tt
Chris Cormack 4e817ee04c Bug 16587 opac-sendshelf.pl is vulnerable to XSS 
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00

58 lines
3.2 KiB
Text
Raw Blame History

[% INCLUDE 'doc-head-open.inc' %]
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo; Sending your list</title>
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='sendshelf' bodyclass='popup' %]
<div class="main">
<div class="container-fluid">
<div class="row-fluid">
<div class="span12">
<div id="usersendshelfform">
[% IF ( email ) %]
[% IF ( SENT ) %]
<h1>Message sent</h1>
<div class="alert alert-success">
<p>The list was sent to: [% email | html %]</p>
</div>
<p><a class="focus close" href="/cgi-bin/koha/opac-shelves.pl?op=view&amp;shelfnumber=[% shelfid %]">Back to lists</a></p>
[% END %]
[% IF ( error ) %]
<div class="alert">
<p>There was an error sending the list.</p>
</div>
[% END %]
[% ELSE %]
[% IF ( invalidlist ) %]
<div class="alert">
<p>You do not have permission to send this list.</p>
</div>
<p><a class="button close" href="/cgi-bin/koha/opac-shelves.pl?op=view&amp;shelfnumber=[% shelfid %]">Back to lists</a></p>
[% ELSE %]
<h1>Sending your list</h1>
<form action="/cgi-bin/koha/opac-sendshelf.pl" method="post" id="sendshelfform">
<fieldset>
<label for="email">Email address:</label>
<input type="text" id="email" name="email" size="43" class="focus" />
<label for="comment">Comment:</label>
<textarea id="comment" name="comment" rows="4" cols="40"></textarea>
<input type="hidden" name="shelfid" value="[% shelfid %]" />
</fieldset>
<fieldset class="action">
<input type="submit" value="Send" class="btn" />
<a class="cancel close" href="/cgi-bin/koha/opac-shelves.pl?op=view&amp;shelfnumber=[% shelfid %]">Cancel</a>
</fieldset>
</form>
[% END # / IF invalidlist %]
[% END # / IF email %]
</div> <!-- / #usersendshelfform -->
</div> <!-- / .span12 -->
</div> <!-- / .row-fluid -->
</div> <!-- / .container-fluid -->
</div> <!-- / .main -->
[% INCLUDE 'opac-bottom.inc' is_popup=1 %]
[% BLOCK jsinclude %][% END %]
View git blame Copy permalink