Koha/koha-tmpl at b439003fbab22796d4a4cf8fad28eacfb24c6493 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Phil Ringnalda b439003fba Bug 38961: XSS in vendor search acqui/booksellers.tt and admin/currency.tt use \| $HtmlTags without first filtering the string they wrap. Test plan: 1. Without the patch, load the URL in comment 1, note the alert() 2. Apply patch, load the URL in comment 1, no alert() Sponsored-by: Chetco Community Public Library Signed-off-by: Magnus Enger <magnus@libriotech.no> Followed the test plan, works as advertised. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>	2025-03-06 13:54:47 +01:00
..
intranet-tmpl	Bug 38961: XSS in vendor search	2025-03-06 13:54:47 +01:00
opac-tmpl	Bug 36081: Use multivalue_preference	2025-03-06 13:54:36 +01:00

acqui/booksellers.tt and admin/currency.tt use | $HtmlTags without first
filtering the string they wrap.

Test plan:
1. Without the patch, load the URL in comment 1, note the alert()
2. Apply patch, load the URL in comment 1, no alert()

Sponsored-by: Chetco Community Public Library
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Followed the test plan, works as advertised.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

2025-03-06 13:54:47 +01:00

intranet-tmpl

Bug 38961: XSS in vendor search

2025-03-06 13:54:47 +01:00

opac-tmpl

Bug 36081: Use multivalue_preference

2025-03-06 13:54:36 +01:00