Main Koha release repository https://koha-community.org
Jonathan Druart 9bdea2e369 Bug 16878: Fix XSS in opac-memberentry
The vars are gotten from the url and sent to the template as is. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:22:00 +00:00
acqui Bug 16737 - Error when deleting EDIFACT message 2016-06-24 12:04:03 +00:00
admin Bug 6906 - show 'Borrower has previously issued... 2016-07-08 13:40:08 +00:00
api/v1 Bug 16271: Allow more filters on /api/v1/holds 2016-07-08 14:18:19 +00:00
authorities Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
basket Bug 15451: Koha::CsvProfiles - Remove the residue 2016-07-22 17:18:36 +00:00
C4 Bug 16715: Use Sereal::Decoder and Sereal::Encoder instead of Sereal 2016-08-02 14:29:02 +00:00
catalogue Bug 16490 - Add an "add to cart" link for each search results in the staff client 2016-06-24 13:45:41 +00:00
cataloguing Bug 14793: New cataloguing plugin unimarc_field_225a_bis 2016-07-22 17:27:36 +00:00
circ Bug 16849: Move IsDebarred to Koha::Patron->is_debarred 2016-07-15 18:08:14 +00:00
course_reserves Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
debian Bug 16777: Correct intranet search alias 2016-07-15 15:21:14 +00:00
docs Bug 7143 : More new devs 2016-07-22 17:14:08 +00:00
errors Bug 15288: Error pages: Code duplication removal and better translatability 2016-01-27 05:57:34 +00:00
etc Bug 16777: Correct intranet search alias 2016-07-15 15:21:14 +00:00
install_misc Bug 16770: Remove 2 other occurrences of libmemoize-memcached-perl 2016-06-24 14:05:56 +00:00
installer Bug 16573 - DBRev 16.06.00.012 2016-08-01 09:54:30 +00:00
Koha Bug 16715: Use Sereal::Decoder and Sereal::Encoder instead of Sereal 2016-08-02 14:29:02 +00:00
koha-tmpl Bug 16988 - Suspending a hold with AutoResumeSuspendedHolds disabled results in error 2016-08-04 19:20:22 +00:00
labels Bug 16154: CGI->multi_param - Assign a list 2016-04-26 23:16:43 +00:00
members Bug 16847: Remove C4::Members::GetTitles 2016-07-22 17:23:42 +00:00
misc Bug 15451: Do not considered a Resultset as a Result 2016-07-22 17:18:36 +00:00
offline_circ Bug 15764: Fix timestamp sent by KOCT 2016-02-23 20:53:18 +00:00
opac Bug 16878: Fix XSS in opac-memberentry 2016-08-04 19:22:00 +00:00
OpenILS
patron_lists Bug 16154: CGI->multi_param - Force scalar context 2016-04-26 23:16:43 +00:00
patroncards Bug 14138: Patroncard: Warn user if PDF creation fails 2016-07-15 15:00:56 +00:00
plugins Bug 14951: Remove C4::Dates from plugins/*.pl files 2015-10-06 10:29:42 -03:00
reports Bug 16760: fix Circulation Statistics wizard under Plack 2016-07-08 12:48:27 +00:00
reserve Bug 17028: Fix XSS in reserve/request.pl 2016-08-04 18:12:05 +00:00
reviews Bug 14779: Cannot paginate reviews 2015-09-07 11:38:26 -03:00
rotating_collections Bug 15066: Make transfer rotating collection works under Plack 2015-11-05 09:50:09 -03:00
serials Bug 15451: Koha::CsvProfiles - Remove the residue 2016-07-22 17:18:36 +00:00
services
skel
sms Bug 15258: Fix Perl scripts declaring unused variables 2015-12-30 17:24:45 -07:00
suggestion Bug 16154: CGI->multi_param - Declare a list 2016-04-26 23:16:42 +00:00
svc Bug 16508: Updating a syspref requires parameters_remaining_permissions 2016-06-06 17:33:18 +00:00
t Bug 15451: Koha::CsvProfiles - Remove the residue 2016-07-22 17:18:36 +00:00
tags Bug 16154: CGI->multi_param - Assign a list 2016-04-26 23:16:43 +00:00
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 15451: Better error handling 2016-07-22 17:18:37 +00:00
virtualshelves Bug 15451: (followup) fix filename extension for csv file 2016-07-22 17:18:37 +00:00
xt Bug 16174: (QA followup) Fix remaining tests 2016-04-01 19:11:33 +00:00
.editorconfig
.htaccess
.mailmap (RM followup) .mailmap updates 2015-05-22 17:02:21 -03:00
about.pl Bug 12721 - Syspref StatisticsFields: Warning on About page and text change in System preferences 2016-04-29 02:48:30 +00:00
changelanguage.pl Bug 9978: (followup) Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:43 -03:00
edithelp.pl Bug 16447: Remove occurrence of the borrow permission which does no longer exist 2016-05-05 21:28:14 +00:00
fix-perl-path.PL Bug 9978: (followup) Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:43 -03:00
help.pl Bug 16724: Fix link to the online documentation links 2016-06-24 12:00:42 +00:00
INSTALL
install-CPAN.pl
INSTALL.debian
INSTALL.fedora7 Bug 13642 - Remove MARC::Crosswalk::DublinCore from Koha 2016-01-27 06:23:08 +00:00
INSTALL.opensuse
INSTALL.ubuntu
Koha.pm Bug 16573 - DBRev 16.06.00.012 2016-08-01 09:54:30 +00:00
koha_perl_deps.pl
kohaversion.pl Bug 13758: Move the Koha version from kohaversion.pl 2015-05-07 11:39:04 -03:00
LICENSE
mainpage.pl Bug 15548: Move new patron related code to Patron* 2016-03-03 14:38:26 -07:00
Makefile.PL Bug 16770: Remove Memoize::Memcached dependency 2016-06-24 14:05:56 +00:00
MANIFEST.SKIP
README
README.md Bug 15465 [QA Followup] - Update wording, switch logo, add links 2016-02-24 04:02:26 +00:00
README.robots
rewrite-config.PL Bug 16222: (QA followup) Add /api dir for the API 2016-04-20 21:18:36 +00:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-comminity.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
