Koha/koha-tmpl/intranet-tmpl/prog/en/modules/admin
Chris 91a8584aa8 Bug 14423: XSS issues in marc_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:11 -03:00
preferences Bug 14394: fix documentation of OpacHiddenItems 2015-06-22 11:24:36 -03:00
admin-home.tt Bug 12412: Add ability for plugins to convert arbitrary files to MARC from record staging tool 2015-05-04 15:33:51 -03:00
aqbudgetperiods.tt Bug 13861: \n in confirmation message on closing a budget 2015-03-19 14:04:09 -03:00
aqbudgets.tt Bug 13891: DataTables server-side processing - budget users 2015-04-13 10:55:13 -03:00
aqcontract.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
aqplan.tt Bug 4277: Display the correct budget planning after saving 2015-03-31 14:15:07 -03:00
auth_subfields_structure.tt Bug 14423: XSS bug in auth_subfields_structure 2015-06-23 10:12:03 -03:00
auth_tag_structure.tt Bug 11812 - Add missing "required" indicator to fields which are required 2014-10-22 14:04:43 -03:00
authorised_values.tt Bug 13587: Fix Authorised Values Toolbar 2015-01-21 10:56:43 -03:00
authtypes.tt Bug 10947: Fix editing the default authority type 2015-05-19 09:25:59 -03:00
biblio_framework.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
branch_transfer_limits.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
branches.tt Bug 13441 - Branchcodes should not be allowed to have spaces in them 2015-02-05 15:08:44 -03:00
categorie.tt Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt 2015-06-01 14:16:21 -03:00
checkmarc.tt
cities.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
classsources.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
clone-rules.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
columns_settings.tt Bug 13866: Columns configuration - Patrons search 2015-04-10 10:31:21 -03:00
currency.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
didyoumean.tt
fieldmapping.tt
item_circulation_alerts.tt
items_search_field.tt Bug 11425: Add item search form in staff interface 2014-11-04 19:08:12 -03:00
items_search_fields.tt Bug 11425: Add item search form in staff interface 2014-11-04 19:08:12 -03:00
itemtypes.tt Bug 11944: (follow-up) Remove all utf8 filter from templates 2015-01-13 13:07:35 -03:00
koha2marclinks.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
marc_subfields_structure.tt Bug 14423: XSS issues in marc_subfields_structure 2015-06-23 10:12:11 -03:00
marctagstructure.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
matching-rules.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
oai_set_mappings.tt
oai_sets.tt
patron-attr-types.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
preferences.tt Bug 13355: System preferences tab value wrong in templates 2014-12-17 19:49:36 -03:00
printers.tt Bug 2889 - templates should use [% IF ( loop.odd ) %] - Administration 2014-10-15 17:59:12 -03:00
smart-rules.tt Bug 14290: Add a table foot to circulation matrix 2015-06-22 11:53:30 -03:00
sru_modmapping.tt Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
stopwords.tt Bug 14033: Capitalization: confirmation message on deleting an authority type 2015-05-06 10:39:48 -03:00
systempreferences.tt Bug 10235: Add DataTables filters on local use prefs 2015-05-14 12:23:10 -03:00
transport-cost-matrix.tt Bug 13941: [2/2] Fix <body> tags missing id/class 2015-04-24 09:47:38 -03:00
z3950servers.tt Bug 12823: Alert about defining the SRU search field mappings 2014-12-31 14:13:44 -03:00