Main Koha release repository https://koha-community.org
Kyle M Hall 950fc8e101 Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl
Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>

Test Plan:
1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>
2) Note <TEST> is embedded all over the html
3) Apply this patch
4) Refresh the page, note the injection is gone!
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-09 16:02:25 -03:00
acqui Bug 19813: Make MarcItemFieldsToOrder handle non-existing tags 2017-12-22 13:15:35 -03:00
admin Bug 16764: Update printers administration page 2017-12-22 13:15:38 -03:00
api/v1 Bug 19410: (follow-up) Add reserved params definitions 2017-12-11 17:46:59 -03:00
authorities Bug 19537: (QA follow-up) Consistent structures 2017-11-08 13:34:48 -03:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 19304: Move C4::Members::GetNoticeEmailAddress to Koha::Patron->notice_email_address 2018-01-02 11:46:40 -03:00
catalogue Bug 19807: Make IntranetCatalogSearchPulldown honor IntranetNumbersPreferPhrase 2018-01-02 12:58:55 -03:00
cataloguing Bug 19595: Clicking plugin link does not fill item's date acquired field 2017-12-07 10:09:51 -03:00
circ Bug 19899: Restore Item floats feature - do not crash 2018-01-08 14:23:36 -03:00
clubs Bug 18632: Remove 'CGI::param called in list context' warnings 2017-05-28 22:25:22 -04:00
course_reserves
debian Bug 17951: Make koha-create set template_cache_dir correctly 2017-12-22 13:15:39 -03:00
docs Bug 7143: Update about page for new dev - Isabel Grubi 2017-12-20 13:52:44 -03:00
errors
etc Bug 17951: (follow-up) Make Makefile.PL handle template_cache_dir config 2017-12-22 13:15:39 -03:00
ill Bug 7317: Display all the libraries, not only one 2017-11-09 13:31:10 -03:00
installer Bug 19756: Fix encoding issues during the update DB process 2017-12-21 13:21:12 -03:00
Koha Bug 19304: Move C4::Members::GetNoticeEmailAddress to Koha::Patron->notice_email_address 2018-01-02 11:46:40 -03:00
koha-tmpl Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl 2018-01-09 16:02:25 -03:00
labels Bug 19681: Correct result count formatting 2017-12-07 09:37:10 -03:00
members Bug 19621: Use Koha.Preference on template side to display/hide "Routing lists" tab 2017-12-22 13:15:36 -03:00
misc Bug 19304: Move C4::Members::GetNoticeEmailAddress to Koha::Patron->notice_email_address 2018-01-02 11:46:40 -03:00
offline_circ Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl 2018-01-09 16:02:25 -03:00
OpenILS
patron_lists
patroncards
plugins Bug 19088: plugins-upload causes error log noise 2017-08-30 15:05:56 -03:00
reports Bug 19669: (QA follow-up) Remove itemstypes.plugin 2017-12-21 13:07:11 -03:00
reserve Bug 19300: Replace C4::Reserves::OPACItemHoldsAllowed 2018-01-02 11:46:39 -03:00
reviews Bug 19808: Handle deleted reviewers gracefully - reviews/reviewswaiting.pl 2017-12-21 11:07:37 -03:00
rotating_collections
serials Bug 19315: Prevent crash if no items and not library set for the subscription 2017-12-21 10:51:03 -03:00
services
skel
suggestion
svc Bug 19536: Odd number of elements in anonymous hash in svc/bib 2017-11-26 13:15:58 -03:00
t Bug 19304: (QA follow-up) Fix number of tests in Members.t 2018-01-02 11:46:40 -03:00
tags
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 19621: Use Koha.Preference on template side to display/hide "Routing lists" tab 2017-12-22 13:15:36 -03:00
virtualshelves Bug 17214: Add records to lists by biblionumber 2017-10-27 14:10:26 -03:00
xt
.editorconfig
.htaccess Fix file permissions: if it is not a script, it should not be executable. 2010-04-16 00:40:34 -04:00
.mailmap
about.pl Bug 19542: (QA follow-up) Remove debug warn 2017-12-11 14:30:42 -03:00
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
Koha.pm Bug 19278: DBRev 17.12.00.004 2017-12-11 17:46:59 -03:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL Bug 17951: (follow-up) Make Makefile.PL handle template_cache_dir config 2017-12-22 13:15:39 -03:00
MANIFEST.SKIP Bug 9546 : Updating make manifest tardist 2013-02-06 23:54:46 -05:00
README
README.md
README.robots
rewrite-config.PL Bug 17951: (follow-up) Make Makefile.PL handle template_cache_dir config 2017-12-22 13:15:39 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/