Koha/koha-tmpl/intranet-tmpl/prog/en/modules/admin
Amit Gupta 6a68fd0330 Bug 19108: Fix Stored XSS in authtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
preferences Bug 10132: Admin pages changes 2017-09-19 09:47:27 -03:00
searchengine/elasticsearch
admin-home.tt Bug 18700 Fix grammar (data cannot be pluralized) 2017-06-05 11:46:58 -03:00
aqbudgetperiods.tt Bug 18351: Able to delete budget with funds 2017-09-12 11:28:53 -03:00
aqbudgets.tt
aqcontract.tt
aqplan.tt
audio_alerts.tt
auth_subfields_structure.tt
auth_tag_structure.tt
authorised_values.tt Bug 19128: Fix Stored XSS in admin/authorised_values.pl 2017-09-29 12:20:46 -03:00
authtypes.tt Bug 19108: Fix Stored XSS in authtypes.pl 2017-09-29 12:20:50 -03:00
biblio_framework.tt
branch_transfer_limits.tt Bug 18965 - branch transfer limits pagination save bug 2017-07-24 13:38:14 -03:00
branches.tt Bug 10132: (QA followup) Open LOC URL on a separate window 2017-09-19 09:47:28 -03:00
categories.tt Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl 2017-09-29 12:20:45 -03:00
checkmarc.tt
cities.tt Bug 19034: XSS Flaws in Cities 2017-08-29 12:00:37 -03:00
classsources.tt Bug 19108: Fix Stored XSS in classsources.pl 2017-09-29 12:20:50 -03:00
clone-rules.tt
columns_settings.tt
currency.tt Bug 19033: XSS Flaws in Currencies and exchange page 2017-08-29 12:00:37 -03:00
didyoumean.tt
edi_accounts.tt Bug 18699: Get rid of %%] in translation for edi_accounts.tt 2017-06-16 17:04:08 -03:00
edi_ean_accounts.tt
fieldmapping.tt
item_circulation_alerts.tt
items_search_field.tt Bug 19108: Fix Stored XSS in items_search_fields.pl 2017-09-29 12:20:50 -03:00
items_search_fields.tt Bug 19108: Fix Stored XSS in items_search_fields.pl 2017-09-29 12:20:50 -03:00
itemtypes.tt Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl 2017-09-29 12:20:46 -03:00
koha2marclinks.tt
localization.tt
marc_subfields_structure.tt
marctagstructure.tt
matching-rules.tt Bug 19103: Fix Stored XSS in matching-rules.pl 2017-09-29 12:20:46 -03:00
oai_set_mappings.tt Bug 19108: Fix Stored XSS in oai_sets.pl 2017-09-29 12:20:47 -03:00
oai_sets.tt Bug 19108: Fix Stored XSS in oai_sets.pl 2017-09-29 12:20:47 -03:00
patron-attr-types.tt Bug 19103: Fix Stored XSS in patron-attr-types.pl 2017-09-29 12:20:46 -03:00
preferences.tt Bug 16726: [FOLLOW-UP] Putting text in h1 2017-09-01 13:00:07 -03:00
printers.tt
smart-rules.tt Bug 19027 - Circulation rules: Better wording for standard rules for all libraries 2017-08-10 16:25:35 -03:00
sms_providers.tt
sru_modmapping.tt
systempreferences.tt
transport-cost-matrix.tt
usage_statistics.tt
z3950servers.tt Bug 19034: XSS Flaws in Z39.50/SRU servers administration 2017-08-29 12:00:37 -03:00