Main Koha release repository https://koha-community.org
Amit Gupta a482880352 Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add text containing JS to the Description field
3. Save the page.
4. Notice the JS is executed
5. Click on Actions -> MARC structure
6. Apply the patch and reload; the JS is escaped

Fixed for both pages, biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
acqui Bug 19195: Do not explicitly force scalar context when unnecessary 2017-09-19 11:57:10 -03:00
admin Bug 10132: Admin pages changes 2017-09-19 09:47:27 -03:00
api/v1 Bug 18282: operationId must be unique 2017-09-21 12:02:39 -03:00
authorities Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies 2017-09-21 11:27:05 -03:00
catalogue Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19059: Fix compilation issues 2017-09-12 12:42:59 -03:00
clubs
course_reserves Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item 2017-07-28 11:37:06 -03:00
debian Bug 18877: Add documentation on dbhost for koha-create help 2017-08-15 12:17:44 -03:00
docs
errors
etc Bug 18104 - allow SIP2 field AE (personal name ) to be customized 2017-07-06 14:52:54 -03:00
installer Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
Koha Bug 18137: (QA-follow-up) Fix pod fail 2017-09-21 11:27:05 -03:00
koha-tmpl Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl 2017-09-29 12:20:51 -03:00
labels Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
members Bug 12346: Display the correct number of pending patron modifications on the patron module home page 2017-09-12 12:08:45 -03:00
misc Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
offline_circ Bug 17829: Move GetMember to Koha::Patron 2017-07-10 13:14:19 -03:00
opac Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
OpenILS
patron_lists
patroncards Bug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml) 2017-09-19 11:47:32 -03:00
plugins Bug 19088: plugins-upload causes error log noise 2017-08-30 15:05:56 -03:00
reports Bug 18742: (QA followup) Fix indentation 2017-09-19 09:06:13 -03:00
reserve Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel 2017-09-12 12:42:58 -03:00
reviews Bug 18262: Koha::Biblio - Remove GetBiblioData - part 1 2017-07-14 12:22:23 -03:00
rotating_collections
serials Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
services
skel
sms
suggestion Bug 18839: Suggestion.pl spelling mistake 2017-07-13 16:42:04 -03:00
svc Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
t Bug 19385: Fix random t/Calendar.t failure - clear the cache before 2017-09-28 15:19:57 -03:00
tags Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
test
tmp/modified_authorities
tools Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
virtualshelves Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
xt Bug 19262: Remove xt/author/pod_spell.t 2017-09-12 11:30:07 -03:00
.editorconfig
.htaccess
.mailmap
about.pl Bug 18931 - Follow up - Typo fix in SQL statement 2017-07-26 13:50:56 -03:00
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
Koha.pm Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL Bug 19067: Map clubs/ into INTRANET_CGI_DIR in Makefile.PL 2017-08-10 11:25:33 -03:00
MANIFEST.SKIP
README
README.md
README.robots
rewrite-config.PL

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
