Koha/koha-tmpl/intranet-tmpl/prog/en/modules
Amit Gupta a482880352 Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add text in the field Description that contains js
3. Save the page.
4. Notice js is executed
5. Click on Actions -> MARC structure
6. Apply patch and reload; the js is escaped

Fixed for both pages, biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
acqui Bug 19086: (follow-up) Fix Stored XSS in supplier.pl 2017-09-29 12:20:45 -03:00
admin Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl 2017-09-29 12:20:51 -03:00
authorities Bug 17380: [QA Follow-up] Report error to user instead of throwing exception 2017-09-12 12:07:48 -03:00
basket
batch
catalogue Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt 2017-09-12 10:16:20 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19086: Fix Stored XSS in circulation.pl 2017-09-29 12:20:44 -03:00
clubs Bug 19215: Fixing typo in URL for patron clubs 2017-09-06 12:55:23 -03:00
common
course_reserves Bug 19228: Trigger confirm delete when removing item from course 2017-09-07 13:56:38 -03:00
errors
help
installer Bug 18629: (followup) Plain text "Continue..." instead of BLOCK 2017-08-30 16:43:34 -03:00
labels Bug 19050 - XSS Flaws in Quick spine label creator 2017-08-29 12:00:37 -03:00
members Bug 19125: Fix Stored XSS in members.pl 2017-09-29 12:20:45 -03:00
offline_circ
onboarding Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt 2017-08-30 16:43:35 -03:00
patron_lists Bug 18871: Make patron list name a link to view contents of list 2017-08-30 16:51:21 -03:00
patroncards Bug 18541 - Patron card creator: Add a grid to support layout design 2017-09-19 11:47:32 -03:00
plugins Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
reports Bug 19054 - XSS Flaws in Report - Top Most-circulated items 2017-08-29 12:00:37 -03:00
reserve Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff 2017-09-01 13:00:05 -03:00
reviews
rotating_collections
serials Bug 19086: Fix Stored XSS in subscription-detail.pl 2017-09-29 12:20:45 -03:00
services
sms
suggestion Bug 18581 - Add standard edit and delete buttons to suggestions list 2017-08-25 10:59:04 -03:00
tags
test
tools Bug 14316: Clarify meaning of record number in Batch record modification tool 2017-09-01 13:02:26 -03:00
virtualshelves
about.tt Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
auth.tt
intranet-main.tt