Koha/koha-tmpl/intranet-tmpl/prog/en
Jonathan Druart b543fa74fe Bug 17038: Fix XSS in catalogue/search.pl
Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fixes the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:20:51 +00:00
..
data Bug 16608 - Missing entity nbsp in some XML files 2016-06-10 17:40:55 +00:00
includes Bug 17025: Fix XSS in serials-search.pl 2016-08-10 13:17:19 +00:00
js Bug 16795 - Patron categories: Accept integers only for enrolment period and age limits 2016-07-08 13:15:31 +00:00
modules Bug 17038: Fix XSS in catalogue/search.pl 2016-08-10 13:20:51 +00:00
xslt Bug 16608 - Missing entity nbsp in some XML files 2016-06-10 17:40:55 +00:00
columns.def Bug 15373: More changes of Zip to ZIP on intranet 2015-12-30 16:30:35 +00:00