Main Koha release repository https://koha-community.org
Amit Gupta 861cec5773 Bug 19051 - XSS Flaws in - Batch item modification page
1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
acqui Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
admin Bug 18906: Display all funds the logged in user can use 2017-08-09 16:51:40 -03:00
api/v1 Bug 18763: Fix swagger/definitions.t 2017-06-14 14:36:28 -03:00
authorities Bug 17835: Replace GetItemTypes with Koha::ItemTypes 2017-04-14 10:43:51 -04:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 19134: C4::SMS fails on long driver name 2017-08-25 10:51:24 -03:00
catalogue Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
cataloguing Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
circ Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
clubs Bug 18632: Remove 'CGI::param called in list context' warnings 2017-05-28 22:25:22 -04:00
course_reserves Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item 2017-07-28 11:37:06 -03:00
debian Bug 18877: Add documentation on dbhost for koha-create help 2017-08-15 12:17:44 -03:00
docs Bug 7143: Add Patricio Marrone to history.txt 2017-03-31 13:45:33 +00:00
errors
etc Bug 18104 - allow SIP2 field AE (personal name ) to be customized 2017-07-06 14:52:54 -03:00
installer Bug 16892: DBRev 17.05.00.004 2017-08-25 10:58:55 -03:00
Koha Bug 19130: (followup) Add POD 2017-08-25 11:53:44 -03:00
koha-tmpl Bug 19051 - XSS Flaws in - Batch item modification page 2017-08-29 12:00:37 -03:00
labels Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
members Bug 19080: Fix perlcritic in routing-lists.pl 2017-08-25 11:03:37 -03:00
misc Bug 19040: Update 2 occurrences of GetMarcBiblio in 22_to_30 2017-08-25 10:51:24 -03:00
offline_circ Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac Bug 16892: Address error checking in comment #47 2017-08-25 10:51:25 -03:00
OpenILS
patron_lists
patroncards Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
plugins
reports Bug 19061: [QA Follow-up] Wrong interpolation 2017-08-15 12:17:43 -03:00
reserve Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
reviews Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
rotating_collections
serials Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
services
skel
sms
suggestion Bug 18839: Suggestion.pl spelling mistake 2017-07-13 16:42:04 -03:00
svc Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
t Bug 19126: Fix Members.t with IndependentBranches set 2017-08-25 12:12:04 -03:00
tags Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
test
tmp/modified_authorities
tools Bug 19080: Handle non-existing patrons gratefully 2017-08-25 11:03:37 -03:00
virtualshelves Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
xt Bug 18292: Tests do not need to return 1 - xt 2017-08-15 12:17:43 -03:00
.editorconfig
.htaccess
.mailmap Update mailmap - Jonathan Druart 2017-06-21 12:42:19 -03:00
about.pl Bug 18931 - Follow up - Typo fix in SQL statement 2017-07-26 13:50:56 -03:00
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL Bug 17626: Remove existing install instructions and link to the wiki pages instead 2016-11-22 11:29:07 +00:00
install-CPAN.pl
Koha.pm Bug 16892: DBRev 17.05.00.004 2017-08-25 10:58:55 -03:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 18432 : Follow up - Updating to use they/them 2017-04-21 10:56:43 -04:00
Makefile.PL Bug 19067: Map clubs/ into INTRANET_CGI_DIR in Makefile.PL 2017-08-10 11:25:33 -03:00
MANIFEST.SKIP
README
README.md Bug 15465: Fix typo in bugs.k-c.org 2017-05-26 11:45:31 -03:00
README.robots
rewrite-config.PL Bug 15427 : Enable TLS support for MySQL 2017-03-03 18:33:07 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developer's handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
