Koha/koha-tmpl/intranet-tmpl/prog/en
Jonathan Druart da03dbd458 Bug 17114: Fix XSS in picture-upload.pl
To reproduce:
1/ cp your_image.jpg 'test<svg onload=alert(1)>.jpg'
2/ Use the upload picture tool to upload this file
=> Without this patch, the alert is shown
=> With this patch, the filename is correctly displayed and no alert appears

Note that the cardnumber var was not escaped either; it is now.

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-15 13:33:02 +00:00
data Bug 16608 - Missing entity nbsp in some XML files 2016-06-10 17:40:55 +00:00
includes Bug 14752 - (QA followup) Remove annoying modal, use dialog box instead 2016-09-13 17:21:05 +00:00
js Bug 16795 - Patron categories: Accept integers only for enrolment period and age limits 2016-07-08 13:15:31 +00:00
modules Bug 17114: Fix XSS in picture-upload.pl 2016-09-15 13:33:02 +00:00
xslt Bug 13921 - XSLT Literary Formats Not Showing 2016-09-02 14:10:48 +00:00
columns.def