Kyle M Hall
950fc8e101
Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST> Test Plan: 1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST> 2) Note <TEST> is embedded all over the html 3) Apply this patch 4) Refresh the page, note the injection is gone! 5) run koha qa test tools Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
38 lines
1.8 KiB
Text
38 lines
1.8 KiB
Text
[% USE Koha %]
|
|
[% INCLUDE 'doc-head-open.inc' %]
|
|
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog › ISBD view</title>
|
|
[% INCLUDE 'doc-head-close.inc' %]
|
|
[% BLOCK cssinclude %][% END %]
|
|
</head>
|
|
[% INCLUDE 'bodytag.inc' bodyid='opac-isbddetail' bodyclass='scrollto' %]
|
|
[% INCLUDE 'masthead.inc' %]
|
|
<div class="main">
|
|
<ul class="breadcrumb">
|
|
<li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">›</span></li>
|
|
<li><a href="#">ISBD view</a></li>
|
|
</ul>
|
|
|
|
<div class="container-fluid">
|
|
<div class="row-fluid">
|
|
<div class="span9">
|
|
<div id="opac-detail" class="maincontent">
|
|
<div id="usermarcdetail">
|
|
<div id="catalogue_detail_biblio">
|
|
<div id="views">
|
|
<span class="view"><a id="Normalview" href="/cgi-bin/koha/opac-detail.pl?biblionumber=[% biblio.biblionumber %]">Normal view</a></span> <span class="view"><a id="MARCview" href="/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=[% biblio.biblionumber %]">MARC view</a></span> <span class="view current-view"><span id="ISBDview">ISBD view</span></span></div>
|
|
|
|
<div id="isbdcontents">[% ISBD %]</div>
|
|
|
|
</div> <!-- / #catalogue_detail_biblio -->
|
|
</div> <!-- / #usermarcdetail -->
|
|
</div> <!-- / #opac-detail -->
|
|
</div> <!-- / .span9 -->
|
|
<div class="span3">
|
|
[% INCLUDE 'opac-detail-sidebar.inc' %]
|
|
</div>
|
|
</div> <!-- / .row-fluid -->
|
|
</div> <!-- / .container-fluid -->
|
|
</div> <!-- / .main -->
|
|
|
|
[% INCLUDE 'opac-bottom.inc' %]
|
|
[% BLOCK jsinclude %][% END %]
|