Koha/koha-tmpl/intranet-tmpl/prog/en/includes/html_helpers.inc
Katrin Fischer 2d30845601 Bug 19125: Fix Stored XSS in members.pl
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00


[%# <option> elements for a library selector; every value written into the page goes through the html filter %]
[% BLOCK options_for_libraries %]
    [% FOREACH l IN libraries %]
        [% IF l.selected %]
            <option value="[% l.branchcode | html %]" selected="selected">[% l.branchname | html %]</option>
        [% ELSE %]
            <option value="[% l.branchcode | html %]">[% l.branchname | html %]</option>
        [% END %]
    [% END %]
[% END %]
[%# <option> elements for an authorised value category selector, escaped the same way %]
[% BLOCK options_for_authorised_value_categories %]
    [% FOREACH avc IN authorised_value_categories %]
        [% IF avc.selected %]
            <option value="[% avc.category | html %]" selected="selected">[% avc.category | html %]</option>
        [% ELSE %]
            <option value="[% avc.category | html %]">[% avc.category | html %]</option>
        [% END %]
    [% END %]
[% END %]
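
A check that catches this class of bug before it ships is to scan templates for output directives that carry no escaping filter. The script below is an added example, not part of Koha or of this commit; the keyword list and the set of filters treated as safe are assumptions, and `SAMPLE` is a constructed template modeled on `options_for_libraries` with one output left unfiltered.

```python
import re

# Directives that control flow or load code instead of writing a value.
# Assumption: a subset of Template Toolkit keywords, enough for templates like this one.
NON_OUTPUT = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
              "BLOCK", "SET", "DEFAULT", "USE", "INCLUDE", "PROCESS", "WRAPPER",
              "SWITCH", "CASE", "MACRO", "CALL", "NEXT", "LAST", "RETURN"}
# Standard Template Toolkit filters treated here as escaping the value.
# Assumption: the check is context-insensitive; any one of these counts.
SAFE_FILTERS = {"html", "html_entity", "xml", "uri", "url"}

DIRECTIVE = re.compile(r"\[%[-+=~]?\s*(.*?)\s*[-+=~]?%\]")
ASSIGNMENT = re.compile(r"[\w.]+\s*=(?!=)")
# A filter is introduced by a single '|' (not the '||' operator) or by FILTER.
FILTER_NAME = re.compile(r"(?:(?<!\|)\||\bFILTER)\s*(\w+)")

def find_unfiltered(template):
    """Return (line_number, directive_body) for each output directive with no safe filter."""
    findings = []
    for lineno, line in enumerate(template.splitlines(), 1):
        for match in DIRECTIVE.finditer(line):
            body = match.group(1).strip()
            if not body or body.startswith("#"):      # empty directive or TT comment
                continue
            if body.split()[0] in NON_OUTPUT:         # control flow, nothing is printed
                continue
            if ASSIGNMENT.match(body):                # [% x = 1 %] assigns, does not print
                continue
            if not SAFE_FILTERS & set(FILTER_NAME.findall(body)):
                findings.append((lineno, body))
    return findings

# Constructed sample: the "selected" branch prints l.branchname without a filter.
SAMPLE = """[% BLOCK options_for_libraries %]
[% FOREACH l IN libraries %]
[% IF l.selected %]
<option value="[% l.branchcode | html %]" selected="selected">[% l.branchname %]</option>
[% ELSE %]
<option value="[% l.branchcode | html %]">[% l.branchname |html %]</option>
[% END%]
[% END %]
[% END %]"""

if __name__ == "__main__":
    for lineno, body in find_unfiltered(SAMPLE):
        print(f"line {lineno}: unfiltered output [% {body} %]")
```

Run over a template directory in CI, a non-empty result fails the build; outputs that are intentionally raw need an explicit allow-list, which this sketch does not implement.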