Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Katrin Fischer 624eb9e1f5 Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl

To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
acqui Bug 19086: (follow-up) Fix Stored XSS in supplier.pl 2017-09-29 12:20:45 -03:00
admin Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl 2017-09-29 12:20:51 -03:00
authorities Bug 17380: [QA Follow-up] Report error to user instead of throwing exception 2017-09-12 12:07:48 -03:00
basket
batch
catalogue Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt 2017-09-12 10:16:20 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19086: Fix Stored XSS in circulation.pl 2017-09-29 12:20:44 -03:00
clubs Bug 19215: Fixing typo in URL for patron clubs 2017-09-06 12:55:23 -03:00
common
course_reserves Bug 19228: Trigger confirm delete when removing item from course 2017-09-07 13:56:38 -03:00
errors
help
installer Bug 18629: (followup) Plain text "Continue..." instead of BLOCK 2017-08-30 16:43:34 -03:00
labels
members Bug 19125: Fix Stored XSS in members.pl 2017-09-29 12:20:45 -03:00
offline_circ
onboarding Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt 2017-08-30 16:43:35 -03:00
patron_lists Bug 18871: Make patron list name a link to view contents of list 2017-08-30 16:51:21 -03:00
patroncards Bug 18541 - Patron card creator: Add a grid to support layout design 2017-09-19 11:47:32 -03:00
plugins Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
reports
reserve Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff 2017-09-01 13:00:05 -03:00
reviews
rotating_collections
serials Bug 19086: Fix Stored XSS in subscription-detail.pl 2017-09-29 12:20:45 -03:00
services
sms
suggestion
tags
test
tools Bug 14316: Clarify meaning of record number in Batch record modification tool 2017-09-01 13:02:26 -03:00
virtualshelves
about.tt Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
auth.tt
intranet-main.tt