Koha/koha-tmpl/opac-tmpl at b6ca2b0cd2d95e8aedbfd7c0c58ace8200620bf1 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Chris Cormack b6ca2b0cd2 Bug 14418: XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>	2015-06-22 11:00:10 -03:00
..
bootstrap	Bug 14418: XSS flaw in opac-shelves.pl	2015-06-22 11:00:10 -03:00
lib	Bug 13612 - Remove old YUI javacript libraries from opac-tmpl	2015-02-24 11:16:39 -03:00

Chris Cormack b6ca2b0cd2 Bug 14418: XSS flaw in opac-shelves.pl

To test:
1/ Create a list and add at least one item to it
2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
  Where the shelf id is the number of the list you created, notice the js is executed
3/ Apply the patch
4/ Reload the page notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

2015-06-22 11:00:10 -03:00

bootstrap

Bug 14418: XSS flaw in opac-shelves.pl

2015-06-22 11:00:10 -03:00

lib

Bug 13612 - Remove old YUI javacript libraries from opac-tmpl

2015-02-24 11:16:39 -03:00