Koha/koha-tmpl
Chris Cormack cd4c959f72 Bug 14418: More XSS vulnerabilities in opac-shelves.pl
To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script>
where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:10 -03:00
..
intranet-tmpl Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) 2015-06-22 11:00:09 -03:00
opac-tmpl Bug 14418: More XSS vulnerabilities in opac-shelves.pl 2015-06-22 11:00:10 -03:00
favicon.ico
index.html
intranet.html
opac.html