Main Koha release repository https://koha-community.org
Josef Moravec b59988f78d Bug 19738: Fix XSS on vendor name in serials module
Test plan:

1) do not apply this patch
2) Have at least one vendor whose name contains JavaScript, for
example: <i>Vendor 1</i><script>alert('Hi');</script>
3) go to the serials module and create a new subscription
4) use "Search for vendor"
5) Search for your vendor, when search results table is presented, the
javascript is executed
6) go through subscription creation and save the new subscription
7) On subscription detail page, the javascript is executed as well
8) apply this patch
9) Repeat 3-7, the script is not executed, the input is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-15 16:04:40 -03:00
acqui Bug 19993: use Modern::Perl in Acquisition perl scripts 2018-02-05 09:45:47 -03:00
admin Bug 20157: Save the features that have been checked 2018-02-12 15:42:21 -03:00
api/v1 Bug 20144: (follow-up) Adjust /patrons endpoint 2018-02-13 16:08:47 -03:00
authorities Bug 20063: (bug 18811 follow-up) Allow hidden $9 subfields 2018-01-22 13:44:42 -03:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 20144: [sql_modes] Fix GROUP BY clause in Virtualshelves search (DT) 2018-02-13 13:59:01 -03:00
catalogue Bug 20157: Do not display OPAC groups on the staff interface 2018-02-12 15:42:22 -03:00
cataloguing Bug 19996: (RM follow-up 2) Remove commented use warnings; 2018-02-15 11:23:51 -03:00
circ Bug 15752: (QA follow-up) Remove unecessary redirect 2018-02-12 17:38:58 -03:00
clubs Bug 18632: Remove 'CGI::param called in list context' warnings 2017-05-28 22:25:22 -04:00
course_reserves Bug 19230: Preventing warn when deleting course 2018-01-30 14:18:21 -03:00
debian Bug 20187: (QA follow-up) Replace N,L flag by L flag 2018-02-13 12:54:32 -03:00
docs Bug 7143: Update about page for new dev - Chad Billman 2018-02-12 18:07:20 -03:00
errors Bug 19998: use Modern::Perl in error perl scripts 2018-02-05 09:45:48 -03:00
etc Bug 20187: (QA follow-up) Replace N,L flag by L flag 2018-02-13 12:54:32 -03:00
ill Bug 7317: Display all the libraries, not only one 2017-11-09 13:31:10 -03:00
installer Bug 20144: DBRev 17.12.00.015 2018-02-13 14:12:41 -03:00
Koha Bug 20144: DBIC Schema changes 2018-02-13 14:17:03 -03:00
koha-tmpl Bug 19738: Fix XSS on vendor name in serials module 2018-02-15 16:04:40 -03:00
labels Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
members Bug 18403: Fix few errors found with hit_pages.t 2018-02-12 15:41:43 -03:00
misc Bug 19451: (QA follow-up) Replace weird subquery 2018-02-12 18:02:00 -03:00
offline_circ Bug 20018: use Modern::Perl in offline_circ scripts 2018-02-05 09:46:45 -03:00
opac Bug 19301: (QA follow-up) Add POD, use statements and correct typo 2018-02-13 13:36:00 -03:00
OpenILS
patron_lists
patroncards Bug 20010: use Modern::Perl in Patroncards perl scripts 2018-02-05 09:46:44 -03:00
plugins Bug 20011: use Modern::Perl in plugins perl scripts 2018-02-05 09:46:44 -03:00
reports Bug 19671: Map itemtypes to hash for correct display in issues_stats.pl 2018-02-13 12:50:18 -03:00
reserve Bug 18403: Use patron-title.inc when hidepatronname is used 2018-02-12 15:41:38 -03:00
reviews Bug 18403: Patron reviews 2018-02-12 15:41:41 -03:00
rotating_collections
serials Bug 20015: use Modern::Perl in Serials perl script 2018-02-05 09:46:45 -03:00
services Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
skel
suggestion Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
svc Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
t Bug 20204: Add TestBuilder to replace CPL branch 2018-02-15 11:15:53 -03:00
tags Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
test Bug 9819 - 'stopwords'-related code removed 2015-12-30 15:49:35 +00:00
tmp/modified_authorities
tools Bug 18403: Patron reviews 2018-02-12 15:41:41 -03:00
virtualshelves Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
xt Bug 20020: use Modern::Perl in XT scripts 2018-02-05 09:47:09 -03:00
.editorconfig Bug 12545: Add EditorConfig.org file to the source tree 2014-08-22 11:07:45 -03:00
.htaccess
.mailmap Update mailmap - Jonathan Druart 2017-06-21 12:42:19 -03:00
about.pl Bug 19542: (QA follow-up) Remove debug warn 2017-12-11 14:30:42 -03:00
changelanguage.pl Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
edithelp.pl Bug 18403: Update permissions - borrowers => 1|* becomes borrowers => 'edit_borrowers' 2018-02-12 15:41:37 -03:00
fix-perl-path.PL
help.pl Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
INSTALL
install-CPAN.pl Bug 9978: Replace license header with the correct license (GPLv3+) 2015-04-20 09:59:38 -03:00
Koha.pm Bug 20144: DBRev 17.12.00.015 2018-02-13 14:12:41 -03:00
koha_perl_deps.pl Bug 20019: use Modern::Perl in misc perl scripts 2018-02-05 09:47:08 -03:00
kohaversion.pl
LICENSE Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
mainpage.pl Bug 18403: Article requests 2018-02-12 15:41:41 -03:00
Makefile.PL Bug 17951: (follow-up) Make Makefile.PL handle template_cache_dir config 2017-12-22 13:15:39 -03:00
MANIFEST.SKIP
README
README.md
README.robots Bug 6411 add another example to README.robots 2011-07-05 14:48:05 +12:00
rewrite-config.PL Bug 17951: (follow-up) Make Makefile.PL handle template_cache_dir config 2017-12-22 13:15:39 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker; to report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
