Koha/koha-tmpl at abf1b6596c39b55b8a929c9c0329d113ea1f72df - Koha-community/Koha - Koha: The world's first free and open source library system

History

Jonathan Druart abf1b6596c Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl == Test plan == 1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}() 2. Note that you are redirected to another website 3. Apply the patch & restart services 4. Repeat the above and you are not redirected Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>	2021-05-26 09:26:54 +02:00
..
intranet-tmpl	Bug 28273: (follow-up) Remove unused variable	2021-05-20 08:43:34 +02:00
opac-tmpl	Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl	2021-05-26 09:26:54 +02:00

Jonathan Druart abf1b6596c Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl

== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

2021-05-26 09:26:54 +02:00

intranet-tmpl

Bug 28273: (follow-up) Remove unused variable

2021-05-20 08:43:34 +02:00

opac-tmpl

Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl

2021-05-26 09:26:54 +02:00