Koha/koha-tmpl/intranet-tmpl/prog/en
Chris Cormack 951f3346a2 Bug 13425 - XSS in intranet facets - Patch for 3.18 and master
To Test
1/ Craft a url like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>

It is important: it must return results and facets

2/ Notice the js is executed
3/ Apply the patch, test again

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No prompts, no functional regressions found.
Checked selecting and undoing facets, show more links and paging.
Signed-off-by: Mason James <mtj@kohaaloha.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-26 21:03:17 -03:00
css Bug 13370: Inputs overflow in filter 2014-12-22 16:58:44 -03:00
data
includes Bug 13425 - XSS in intranet facets - Patch for 3.18 and master 2014-12-26 21:03:17 -03:00
js Bug 12839: aqbooksellers.gstreg is never used 2014-12-03 11:34:48 -03:00
lib/yui Bug 13139 - Move treeview jQuery plugin outside of language-specific directory 2014-10-27 12:36:53 -03:00
modules Bug 7143 : Adding missing developer to the about page 2014-12-22 16:55:40 -03:00
xslt Bug 13151 - staff marc preview not wrapping 2014-11-21 15:04:00 -03:00
columns.def Bug 11673: columns.def has swapped last and first name of alt contact 2014-08-07 16:17:21 -03:00