Koha/koha-tmpl/intranet-tmpl/prog/en/modules/suggestion at a050ca83b717c0212e4ae7d102ea1d1f13208edb - Koha-community/Koha - Koha: The world's first free and open source library system

History

Chris Cormack 368068c715 Bug 11322: fix XSS bug in purchase suggestions pages To test 1/ Switch on purchase suggestions 2/ On the public interface (OPAC) add a suggestion, put html in every field 3/ In the staff interface go to the suggestions page /cgi-bin/koha/suggestion/suggestion.pl 4/ Notice the html is rendered 5/ Click on a suggestion, notice the html is rendered on the show page also 6/ Apply the patch, check these two pages again, html should now be escaped Signed-off-by: David Cook <dcook@prosentient.com.au> Works as described. Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Passes all tests, thx Chris! Signed-off-by: Galen Charlton <gmc@esilibrary.com>	2013-12-03 00:19:18 +00:00
..
suggestion.tt	Bug 11322: fix XSS bug in purchase suggestions pages	2013-12-03 00:19:18 +00:00

Chris Cormack 368068c715 Bug 11322: fix XSS bug in purchase suggestions pages

To test
1/ Switch on purchase suggestions
2/ On the public interface (OPAC) add a suggestion, put html in every
field
3/ In the staff interface go to the suggestions page
/cgi-bin/koha/suggestion/suggestion.pl
4/ Notice the html is rendered
5/ Click on a suggestion, notice the html is rendered on the show page
also
6/ Apply the patch, check these two pages again, html should now be
escaped

Signed-off-by: David Cook <dcook@prosentient.com.au>

Works as described.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests, thx Chris!

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

2013-12-03 00:19:18 +00:00

suggestion.tt

Bug 11322: fix XSS bug in purchase suggestions pages

2013-12-03 00:19:18 +00:00