Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap
History
Chris Cormack cd4c959f72 Bug 14418: More XSS vulnerabilities in opac-shelves.pl 
To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script>  Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:10 -03:00
..
css Bug 11574 - Clean up Printing Lists 2015-05-05 15:41:27 -03:00
en Bug 14418: More XSS vulnerabilities in opac-shelves.pl 2015-06-22 11:00:10 -03:00
images Bug 10309 - New OPAC theme based on Bootstrap 2013-10-14 23:13:05 +00:00
itemtypeimg Bug 10309 - New OPAC theme based on Bootstrap 2013-10-14 23:13:05 +00:00
js Bug 9580 Cover images from Coce, a remote image URL cache 2015-04-01 09:31:42 -03:00
less Bug 11574 - Clean up Printing Lists 2015-05-05 15:41:27 -03:00
lib Bug 13307: Fix jquery.deseriable.min.js 2015-04-13 13:48:55 -03:00