Main Koha release repository https://koha-community.org
Amit Gupta bfbba2339f Bug 19108: Fix Stored XSS in items_search_fields.pl
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
acqui Bug 19195: Do not explicitely force scalar context when unecessary 2017-09-19 11:57:10 -03:00
admin Bug 10132: Admin pages changes 2017-09-19 09:47:27 -03:00
api/v1 Bug 18282: operationId must be unique 2017-09-21 12:02:39 -03:00
authorities Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
basket Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
C4 Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies 2017-09-21 11:27:05 -03:00
catalogue Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
cataloguing Bug 16204: Show friendly error message if trying to edit record which no longer exists 2017-09-19 11:47:33 -03:00
circ Bug 19059: Fix compilation issues 2017-09-12 12:42:59 -03:00
clubs
course_reserves Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item 2017-07-28 11:37:06 -03:00
debian Bug 18877: Add documentation on dbhost for koha-create help 2017-08-15 12:17:44 -03:00
docs
errors
etc
installer Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
Koha Bug 18137: (QA-follow-up) Fix pod fail 2017-09-21 11:27:05 -03:00
koha-tmpl Bug 19108: Fix Stored XSS in items_search_fields.pl 2017-09-29 12:20:50 -03:00
labels
members Bug 12346: Display the correct number of pending patron modifications on the patron module home page 2017-09-12 12:08:45 -03:00
misc Bug 18739 - Add SVG version of staff-home-icons-sprite image 2017-09-19 11:47:32 -03:00
offline_circ
opac Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list 2017-09-19 14:15:52 -03:00
OpenILS
patron_lists
patroncards Bug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml) 2017-09-19 11:47:32 -03:00
plugins Bug 19088: plugins-upload causes error log noise 2017-08-30 15:05:56 -03:00
reports Bug 18742: (QA followup) Fix indentation 2017-09-19 09:06:13 -03:00
reserve Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel 2017-09-12 12:42:58 -03:00
reviews
rotating_collections
serials Bug 19130: (followup) Controller scripts should preserve behaviour 2017-08-25 11:53:44 -03:00
services
skel
sms
suggestion
svc Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
t Bug 19385: Fix random t/Calendar.t failure - clear the cache before 2017-09-28 15:19:57 -03:00
tags Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
test
tmp/modified_authorities
tools Bug 18149: Move CountUsage calls to Koha namespace 2017-09-19 11:47:32 -03:00
virtualshelves Bug 19040: Refactor GetMarcBiblio parameters 2017-08-25 10:23:42 -03:00
xt Bug 19262: Remove xt/author/pod_spell.t 2017-09-12 11:30:07 -03:00
.editorconfig
.htaccess
.mailmap
about.pl
changelanguage.pl
edithelp.pl
fix-perl-path.PL
help.pl
INSTALL
install-CPAN.pl
Koha.pm Bug 6758: DBRev 17.05.00.008 2017-09-19 14:15:23 -03:00
koha_perl_deps.pl
kohaversion.pl Bug 13758: Move the Koha version from kohaversion.pl 2015-05-07 11:39:04 -03:00
LICENSE Bug 9440 - update Koha's LICENSE file from GPL2 to GPL3 2013-02-12 08:52:10 -05:00
mainpage.pl
Makefile.PL Bug 19067: Map clubs/ into INTRANET_CGI_DIR in Makefile.PL 2017-08-10 11:25:33 -03:00
MANIFEST.SKIP
README
README.md
README.robots
rewrite-config.PL

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: This is a synced mirror of the official Koha repo.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker, to report a bug or submit a patch visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
