Main Koha release repository https://koha-community.org
Chris Cormack 90f3b84def Bug 11322: fix XSS bug in purchase suggestions - OPAC
1/ Add a suggestion in the OPAC, with lots of HTML
2/ View that suggestion in the OPAC, note the HTML is rendering
3/ Apply the patch
4/ Test again, in prog and bootstrap, no more rendered HTML

Signed-off-by: David Cook <dcook@prosentient.com.au>

Works as described.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-03 00:20:12 +00:00
acqui Bug 7791: (follow-up) add warning after deletion if some records were not deleted 2013-12-02 16:17:18 +00:00
admin Bug 11286: fix bug preventing adding a new subfield to an authority framework 2013-11-27 18:07:17 +00:00
authorities Bug 9282: (follow-up) remove log noise caused by authorities/ysearch.pl 2013-10-10 22:46:18 +00:00
basket Bug 9218: fix intranet cart email for non english templates 2013-10-31 23:53:25 +00:00
C4 Merge branch 'new/bug11269' into 3.14.x 2013-11-19 16:28:57 +00:00
catalogue Bug 9780: restrict the ability to delete a bib record associated with an order 2013-10-31 23:58:40 +00:00
cataloguing Bug 11054: Specify UTF-8 encoding when creating a child record 2013-10-31 23:23:10 +00:00
circ Bug 2693: add ability to filter by reviewer name on tag review page 2013-12-02 15:58:04 +00:00
course_reserves bug 8215: (followup) avoid spurious warning in Apache log 2013-05-21 16:01:08 -07:00
debian Bug 11284: Packaging updates for master branch 2013-11-27 15:37:45 +00:00
docs Bug 7143: Cleaning up docs/history.txt 2013-11-27 15:44:20 +00:00
errors
etc Bug 9830: Fix some indexes in UNIMARC item indexing 2013-10-21 15:38:49 +00:00
install_misc Bug 8798: DBIx::Class base classes for all Koha tables 2013-10-14 21:07:24 +00:00
installer Bug 11275: DBRev 3.15.00.002 2013-11-27 17:50:53 +00:00
Koha Bug 11275: (follow-up) update DBIC schema class files 2013-11-27 17:53:21 +00:00
koha-tmpl Bug 11322: fix XSS bug in purchase suggestions - OPAC 2013-12-03 00:20:12 +00:00
labels Bug 11222: fix crash that can occur in search for items to add to label batch 2013-11-23 19:54:38 +00:00
members Bug 11207: fix issue where SMS number couldn't be cleared when editing patron 2013-11-21 15:15:44 +00:00
misc Bug 6435: (follow-up) make -daemon really imply -a and -b 2013-11-24 18:20:56 +00:00
offline_circ Bug 10240: (follow-up) don't display patrons as lost or gone-no-address incorrectly 2013-10-11 01:57:05 +00:00
opac Bug 11242: fix opac-MARCdetail.pl display and warnings 2013-11-29 14:52:13 +00:00
OpenILS Bug 9239 QA follow-up: remove stray debug code 2013-03-16 21:32:34 -04:00
patron_lists Bug 10565: (follow-up) add new user permission for patron list management 2013-10-14 22:43:03 +00:00
patroncards Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber 2013-10-14 21:08:02 +00:00
plugins Bug 7804 - Add Koha Plugin System - QA Followup 2 2013-03-20 14:50:19 -04:00
reports Bug 10718: fix items with no checkouts report 2013-09-08 20:04:43 +00:00
reserve Bug 10663: QA Followup: Typo in comment in renewscript 2013-08-16 01:39:16 +00:00
reviews Bug 1623 - Provide view of approved comments 2011-12-27 18:26:50 +01:00
rotating_collections Bug 9605: rotating collections permissions are wrong 2013-03-30 22:11:05 -04:00
selenium
serials Bug 11214: improve create/edit routing list links in serial collection page 2013-11-27 18:23:54 +00:00
services
skel Bug 7804 - Add Koha Plugin System 2013-03-20 14:49:47 -04:00
sms
suggestion Bug 9261: (follow-up) remove reference to deprecated DHTMLcalendar 2013-11-15 00:23:59 +00:00
svc Bug 7813: (follow-up) improvements for deleting local cover images 2013-09-21 18:11:13 +00:00
t Merge branch 'new/bug8854' 2013-11-19 16:12:42 +00:00
tags Bug 10730: Use DataTables on the tag review page 2013-09-25 16:47:59 +00:00
test Bug 5449: JSON malformed in Koha - Blocker with jQuery 1.4.x 2011-03-12 08:53:41 +13:00
tmp/modified_authorities
tools Bug 10996: Allow numeric subfields to be stripped on export 2013-11-21 17:53:02 +00:00
virtualshelves Bug 10853: All existing routing to get a CSV should return a MARC csv 2013-10-11 02:16:33 +00:00
xt Bug 11304: fix display of detail page holdings tab in translated Bootstrap theme 2013-11-27 16:52:02 +00:00
.htaccess
.mailmap
about.pl Bug 10915: (QA followup) warn if cannot read history.txt 2013-09-20 17:25:57 +00:00
changelanguage.pl
edithelp.pl 7368 Typo in edithelp.pl warning 2013-04-18 09:47:58 -04:00
fix-perl-path.PL
help.pl Bug 11238: construct links to the appropriate manual version dynamically 2013-11-23 19:30:16 +00:00
INSTALL
install-CPAN.pl
INSTALL.debian
INSTALL.fedora7 Bug 7440 - Remove NoZebra vestiges 2013-03-19 21:17:04 -04:00
INSTALL.opensuse
INSTALL.ubuntu Bug 7764: (follow-up) editorial tweaks 2013-10-04 16:27:55 +00:00
koha_perl_deps.pl bug 10548: fix count of missing required dependencies by koha_perl_deps.pl 2013-07-11 14:03:32 +00:00
kohaversion.pl Bug 11275: DBRev 3.15.00.002 2013-11-27 17:50:53 +00:00
LICENSE Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
mainpage.pl Bug 10080 - Change system pref IndependantBranches to IndependentBranches 2013-05-22 07:58:23 -07:00
Makefile.PL Bug 10565: (follow-up) ensure that new patron_lists/ CGI directory is installed 2013-10-14 22:44:23 +00:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
README Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
README.robots
rewrite-config.PL Bug 10712: Save missing config variables to install log 2013-08-13 14:14:30 +00:00

Koha is a free software integrated library system.

Koha is distributed under the GNU GPL version 3 or later.
Please read the file LICENSE for more details.

To install or upgrade Koha, please see the INSTALL file appropriate
to your platform.

Report bugs at http://bugs.koha-community.org/

Visit the Koha Project website at http://www.koha-community.org/