Koha/koha-tmpl/opac-tmpl at cd4c959f7226b060f683f5571f030cc2df7539ca - Koha-community/Koha - Koha: The world's first free and open source library system

History

Chris Cormack cd4c959f72 Bug 14418: More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>	2015-06-22 11:00:10 -03:00
..
bootstrap	Bug 14418: More XSS vulnerabilities in opac-shelves.pl	2015-06-22 11:00:10 -03:00
lib	Bug 13612 - Remove old YUI javacript libraries from opac-tmpl	2015-02-24 11:16:39 -03:00

Chris Cormack cd4c959f72 Bug 14418: More XSS vulnerabilities in opac-shelves.pl

To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script>  Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

2015-06-22 11:00:10 -03:00

bootstrap

Bug 14418: More XSS vulnerabilities in opac-shelves.pl

2015-06-22 11:00:10 -03:00

lib

Bug 13612 - Remove old YUI javacript libraries from opac-tmpl

2015-02-24 11:16:39 -03:00