Koha/koha-tmpl/opac-tmpl/bootstrap
Chris Cormack c47c835672 Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
css Bug 16220 [Compiled CSS] The view tabs on opac-detail.pl are not responsive 2016-04-22 23:02:49 +00:00
en Bug 16597: Fix XSS in opac-shareshelf 2016-05-30 11:14:03 +00:00
images
itemtypeimg
js Bug 16516: Define the showListsUpdate JS function at the OPAC 2016-05-23 17:40:51 +00:00
less Bug 16220 - The view tabs on opac-detail.pl are not responsive 2016-04-22 23:02:49 +00:00
lib