Koha/koha-tmpl/intranet-tmpl/prog/en/modules/acqui
Katrin Fischer 13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are no longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
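The test plan above can be automated. The following is an added example, not code from Koha or from the commit it describes: it models the vendor summary page before and after the fix (Koha's real templates are Template Toolkit, where the escaping step is the `html` filter) and counts the `<script>` elements a browser's tokenizer would actually see, instead of grepping for the payload string. The vendor field names and the `render_*` helpers are assumptions made for the illustration.

```python
"""
Added example (not Koha code): automated form of the stored-XSS test plan.

The two render paths stand in for the vendor summary template before and
after output escaping was applied. Field names and helper names are
assumptions for illustration only.
"""
from html import escape
from html.parser import HTMLParser

# Payload from the test plan.
PAYLOAD = '<script>alert("sth")</script>'

# Constructed vendor record: the payload in every free-text field,
# as the preparation step of the test plan asks for.
VENDOR = {
    "name": PAYLOAD,
    "address1": PAYLOAD,
    "phone": PAYLOAD,
    "notes": PAYLOAD,
}


def render_unescaped(vendor):
    """'Before' behaviour: field values are interpolated into HTML verbatim."""
    rows = "".join(
        f"<tr><th>{key}</th><td>{value}</td></tr>"
        for key, value in vendor.items()
    )
    return f"<table>{rows}</table>"


def render_escaped(vendor):
    """'After' behaviour: every value goes through an HTML escaper before it
    is interpolated (the Template Toolkit equivalent is the ``html`` filter)."""
    rows = "".join(
        f"<tr><th>{escape(key)}</th><td>{escape(value, quote=True)}</td></tr>"
        for key, value in vendor.items()
    )
    return f"<table>{rows}</table>"


class _ScriptFinder(HTMLParser):
    """Counts real <script> start tags, i.e. what a browser would execute."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1


def count_script_tags(document):
    """Return how many <script> elements an HTML tokenizer finds in the page.

    Entity-encoded text such as ``&lt;script&gt;`` is character data, not a
    tag, so it is not counted; that is exactly the difference the fix makes.
    """
    finder = _ScriptFinder()
    finder.feed(document)
    finder.close()
    return finder.script_tags


def check_vendor_page(render):
    """Steps 2 and 4 of the test plan: True when no script tag survives."""
    return count_script_tags(render(VENDOR)) == 0


if __name__ == "__main__":
    print("unescaped page:", count_script_tags(render_unescaped(VENDOR)), "script tags")
    print("escaped page:  ", count_script_tags(render_escaped(VENDOR)), "script tags")
```

Counting tags with a real tokenizer rather than searching for the literal payload matters because stored-XSS fixes are often partial: a template that escapes `<` but not quotes, or escapes one field and not another, still passes a naive string check while the parser-based count exposes every field that was missed.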
Name | Last commit | Last commit date
csv/ | Bug 18331: POST_CHOMP everywhere! | 2017-08-15 12:17:41 -03:00
tables/ | Bug 16239: Update templates | 2017-01-13 14:41:22 +00:00
acqui-home.tt | Bug 15758: Koha::Libraries - Remove GetBranchName | 2016-09-08 14:36:01 +00:00
addorder.tt | Bug 15858: Use Font Awesome icons in dialog alert for addorder.tt | 2016-02-24 03:13:12 +00:00
addorderiso2709.tt | Bug 15503 (QA Followup) | 2017-02-14 15:11:03 +00:00
ajax.tt |  | 
basket.tt | Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername' | 2017-09-19 11:47:33 -03:00
basketgroup.tt | Bug 16239: Update templates | 2017-01-13 14:41:22 +00:00
basketheader.tt | Bug 19112 - Stored XSS in basketheader.pl page | 2017-08-29 12:00:37 -03:00
booksellers.tt | Bug 19112 - Stored XSS in basketheader.pl page | 2017-08-29 12:00:37 -03:00
cancelorder.tt | Bug 15951: Use Font Awesome icons for acquisitions order cancellation confirmation | 2016-03-03 22:55:24 +00:00
edi_ean.tt | Bug 7736: (QA followup) Add missing body id and class | 2016-04-04 20:43:01 +00:00
edifactmsgs.tt | Bug 16239 [CSS Follow-up] Upgrade Bootstrap in the staff client | 2017-01-13 14:41:23 +00:00
edimsg.tt | Bug 16738 - Improve EDIFACT messages template | 2016-09-09 12:54:56 +00:00
histsearch.tt | Bug 16241 - Move staff client CSS out of language directory | 2016-04-29 13:54:37 +00:00
invoice-files.tt | Bug 16241 - Move staff client CSS out of language directory | 2016-04-29 13:54:37 +00:00
invoice.tt | Bug 11122: Follow up - Fix some display issues and typos | 2017-06-05 11:48:16 -03:00
invoices.tt | Bug 19052 - XSS Flaws in - Invoice search page | 2017-08-29 12:00:37 -03:00
lateorders.tt | Bug 17446: Typo seleted | 2016-10-11 16:54:10 +00:00
modordernotes.tt | Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues | 2016-02-11 19:39:53 +00:00
neworderbiblio.tt | Bug 16239: Update templates | 2017-01-13 14:41:22 +00:00
neworderempty.tt | Bug 18525: (bug 14828 follow-up) FIX ordering from suggestion when item-level_itypes = biblio | 2017-05-12 08:50:40 -04:00
neworderempty_duplicate.tt |  | 
newordersubscription.tt | Bug 9896 - Show vendor in subscription search when creating an order for a subscription | 2016-09-25 14:09:56 +00:00
newordersuggestion.tt | Bug 17899 - Show only mine does not work in newordersuggestion.pl | 2017-01-20 14:10:36 +00:00
ordered.tt | Bug 17771: Add link to bibliographic record on spent/ordered lists in acquisitions | 2017-01-19 11:44:29 +00:00
orderreceive.tt | Bug 19114 - Stored XSS in parcels.pl | 2017-08-29 12:00:37 -03:00
parcel.tt | Bug 19114 - Stored XSS in parcels.pl | 2017-08-29 12:00:37 -03:00
parcels.tt | Bug 19114 - Stored XSS in parcels.pl | 2017-08-29 12:00:37 -03:00
spent.tt | Bug 17771 [QA Followup] - Tidy table html | 2017-01-19 11:48:55 +00:00
supplier.tt | Bug 19086: (follow-up) Fix Stored XSS in supplier.pl | 2017-09-29 12:20:45 -03:00
transferorder.tt | Bug 11122: Follow up - Fix some display issues and typos | 2017-06-05 11:48:16 -03:00
uncertainprice.tt | Bug 18652: Get rid of tt directive in translation for uncertainprice.tt | 2017-08-30 16:43:35 -03:00
z3950_search.tt | Bug 17487: Styling moved from style attribute into staff-global.css | 2017-01-20 14:11:55 +00:00