Koha/koha-tmpl/intranet-tmpl
Chris Cormack 951f3346a2 Bug 13425 - XSS in intranet facets - Patch for 3.18 and master
To Test
1/ Craft a URL like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>

It is important that it returns results and facets.

2/ Notice the JS is executed
3/ Apply the patch, test again

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No prompts, no functional regressions found.
Checked selecting and undoing facets, show more links and paging.
Signed-off-by: Mason James <mtj@kohaaloha.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-26 21:03:17 -03:00