Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap
History
Katrin Fischer c667b9ddbf Bug 13609: Cross Site Scripting problem in authority search result list paging 
To test:
- Use an installation a reasonable amount of authorities, so that you can
  have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'

URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2015-01-22 16:39:14 -03:00
..
css Bug 10632 [Follow-up] Enable datatables for courses and course details in the OPAC 2014-11-11 16:07:33 -03:00
en Bug 13609: Cross Site Scripting problem in authority search result list paging 2015-01-22 16:39:14 -03:00
images
itemtypeimg
js Bug 13341 - Hard-coded "Preview" text in OPAC openlibrary.js 2014-12-28 20:44:26 -03:00
less Bug 9214 - Show damaged status in the OPAC for items which are not for loan 2014-11-11 15:13:03 -03:00
lib Bug 11743 - Remove unused DataTables plugin from OPAC theme directories 2014-02-18 21:27:57 +00:00