Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules
Chris Cormack c47c835672 Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
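The test plan above exercises a reflected XSS: the `op` query parameter is echoed into the page, and the leading `">` of the payload closes the attribute and element it lands in so the `<script>` tag becomes live markup. The page does not show the patch itself; the block below is an added illustration written for this page (not Koha's code and not the Bug 16597 diff) of the same failure in a minimal Template Toolkit template, next to the standard remedy in that engine, the `html` filter. The two one-line templates and the `render`/`has_script_tag` helpers are assumptions made for the example; the real opac-shareshelf.tt is larger. It needs the CPAN `Template` module, which Koha already depends on.

```perl
#!/usr/bin/env perl
# Added illustration (not Koha's code or the Bug 16597 patch): how an
# unfiltered Template Toolkit variable inside an attribute turns the
# op=... payload from the test plan into markup, and how the html filter
# keeps it inert. Requires the Template module (CPAN; Koha depends on it).
use strict;
use warnings;
use Template;

# Constructed payload, identical to the op value in the test plan above.
my $PAYLOAD = q{"><script>alert('XSS')</script>};

# Hypothetical minimal templates; the real opac-shareshelf.tt is larger.
my $VULNERABLE = q{<input type="hidden" name="op" value="[% op %]" />};
my $FIXED      = q{<input type="hidden" name="op" value="[% op | html %]" />};

# Render a template string with the given op value and return the HTML.
sub render {
    my ( $template, $op ) = @_;
    my $tt  = Template->new();
    my $out = '';
    $tt->process( \$template, { op => $op }, \$out ) or die $tt->error();
    return $out;
}

# Minimal check: if a raw <script tag survives into the output, the payload
# broke out of the attribute value and the page is injectable.
sub has_script_tag {
    my ($html) = @_;
    return $html =~ /<script\b/i ? 1 : 0;
}

for my $case ( [ 'unfiltered', $VULNERABLE ], [ 'html filter', $FIXED ] ) {
    my ( $label, $template ) = @$case;
    my $html = render( $template, $PAYLOAD );
    printf "%-12s injectable=%d  %s\n", $label, has_script_tag($html), $html;
}
```

Run it with `perl` after `perl -MTemplate -e1` confirms the module is installed. The unfiltered template reports `injectable=1` because the output contains a literal `<script>`; the filtered one reports `injectable=0` because the `html` filter rewrites `&`, `<`, `>` and `"` to entities, so the payload stays inside the double-quoted attribute value. That filter is the right tool for HTML text and double-quoted attributes only: it leaves the single quote alone and does nothing for values placed inside JavaScript or URL contexts, which need their own encoding. When reviewing a fix of this kind, grep the template for every `[% ... %]` output of request-derived values, not just the one named in the report.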
errors Bug 16270 (followup) Typo authentification vs authentication 2016-04-29 14:44:26 +00:00
sco Bug 11498 - Prevent bypassing sco timeout with print dialog 2016-03-31 18:52:32 +00:00
svc Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
text
ilsdi.tt Bug 14257: Follow-up - Add documentation, fix typo, fix test 2016-03-31 20:31:06 +00:00
maintenance.tt Bug 15311 [QA Followup] - Remove use of .raw method as it's use was reverted 2016-02-26 14:21:16 +00:00
opac-account-pay-error.tt Bug 16473: Fix typo "an problem" vs "a problem" 2016-05-12 16:21:52 -06:00
opac-account.tt Bug 16473: Fix typo "an problem" vs "a problem" 2016-05-12 16:21:52 -06:00
opac-addbybiblionumber.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-advsearch.tt Bug 15411: Changing 'Non fiction' to 'Non-fiction' 2016-02-12 16:53:17 -07:00
opac-alert-subscribe.tt
opac-auth-detail.tt
opac-auth-MARCdetail.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-auth.tt Bug 15816: Redirect back to correct page after login 2016-05-13 12:38:14 +00:00
opac-authorities-home.tt
opac-authoritiessearchresultlist.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-basket.tt Bug 16095: Remove target="_blank" when a link refer to an external link 2016-03-21 20:44:52 +00:00
opac-blocked.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-browser.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-course-details.tt
opac-course-reserves.tt Bug 15699 [QA followup] - Only display firstname if present 2016-02-24 01:58:52 +00:00
opac-detail.tt Bug 16167: Remove Authorised value images prefs 2016-04-29 13:59:58 +00:00
opac-discharge.tt Bug 15823: Redirect opac-discharge.pl to 404 page 2016-05-06 04:20:48 +00:00
opac-downloadcart.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-downloadshelf.tt Bug 16599: Fix other potentials XSS for shelfname 2016-05-30 11:12:15 +00:00
opac-full-serial-issues.tt
opac-idref.tt [SIGNED-OFF] Bug 16210: Revert OPAC changes from Bug 15111 2016-04-20 16:06:31 +00:00
opac-imageviewer.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-ISBDdetail.tt Bug 16220 - The view tabs on opac-detail.pl are not responsive 2016-04-22 23:02:49 +00:00
opac-main.tt Bug 14305: RSS message correction follow-up 2016-04-29 12:44:08 +00:00
opac-MARCdetail.tt Bug 16220 - The view tabs on opac-detail.pl are not responsive 2016-04-22 23:02:49 +00:00
opac-memberentry-update-submitted.tt
opac-memberentry.tt Bug 16283: [QA Follow-up] Remove case sensitive message 2016-04-29 11:55:07 +00:00
opac-messaging.tt Bug 12528: Bug 9254: Followup - Rename pref to EnhancedMessagingPreferencesOPAC 2016-04-29 17:54:10 +00:00
opac-mymessages.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-news-rss.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-opensearch.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-overdrive-search.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-passwd.tt
opac-password-recovery.tt Bug 16471: Translatability: Fix issues in opac-password-recovery.tt 2016-05-16 17:45:13 +00:00
opac-privacy.tt
opac-readingrecord.tt Bug 16478: Fix checkout history tabs - intranet 2016-05-23 17:22:04 +00:00
opac-registration-confirmation.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-registration-email-sent.tt
opac-registration-invalid.tt
opac-reserve.tt Bug 15533 [QA Followup] - All itemtypes for all items showing in OPAC multi-hold 2016-04-29 10:26:05 +00:00
opac-restrictedpage.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-results-grouped.tt Bug 16599: Fix other potentials XSS for shelfname 2016-05-30 11:12:15 +00:00
opac-results.tt Bug 16167: Remove Authorised value images prefs 2016-04-29 13:59:58 +00:00
opac-retrieve-file.tt
opac-review.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-search-history.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-sendbasket.tt Bug 14614: Multiple URLs (856) in cart/list email are broken 2016-03-24 15:32:48 +00:00
opac-sendbasketform.tt Bug 16587 - opac-sendbasket.pl is open to XSS 2016-05-25 22:14:33 +00:00
opac-sendshelf.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-sendshelfform.tt Bug 16587 opac-sendshelf.pl is vulnerable to XSS 2016-05-25 22:14:33 +00:00
opac-serial-issues.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-shareshelf.tt Bug 16597: Fix XSS in opac-shareshelf 2016-05-30 11:14:03 +00:00
opac-shelves-rss.tt Bug 16599: Fix other potentials XSS for shelfname 2016-05-30 11:12:15 +00:00
opac-shelves.tt Bug 16597: Fix XSS in opac-shelves.pl 2016-05-30 11:14:03 +00:00
opac-showmarc.tt
opac-showreviews-rss.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-showreviews.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-suggestions.tt Bug 16328: follow-up for bug 15044 - Fix datatable error 2016-04-26 16:46:18 +00:00
opac-tags.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-tags_subject.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-topissues.tt Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues 2016-02-11 19:39:53 +00:00
opac-user.tt Bug 15533 - Allow patrons and librarians to select itemtype when placing hold 2016-04-29 10:26:03 +00:00