From 12dcd7f2e79dd9b53a0cfc1ed6e3d88fd7446405 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Fri, 4 Aug 2017 10:41:49 +0530 Subject: [PATCH] Bug 19034: XSS Flaws in Z39.50/SRU servers administration 1. Hit /cgi-bin/koha/admin/z3950servers.pl 2. Enter search Z39.50/SRU servers box. 3. Notice the iframe is executed. 4. Apply patch. 5. Reload page, and enter iframe again on search Z39.50/SRU servers box. 6. Notice it is no longer executed. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart (cherry picked from commit cd0c7ad870f4c2d202e2d6e31c1078bd29da979e) Signed-off-by: Fridolin Somers --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt index 4a6a968511..d25cc364a5 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/z3950servers.tt @@ -225,7 +225,7 @@ [% IF id %] You searched for record [% id %] [% ELSIF searchfield %] - You searched for [% searchfield %] + You searched for [% searchfield |html %] [% END %] -- 2.39.5
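Review bot: the hunk escapes only the `[% ELSIF searchfield %]` branch; the sibling branch two lines above, `You searched for record [% id %]`, is still emitted unfiltered into the same template output, so if `id` is also taken from the request the same class of flaw remains in this hunk. Suggest applying the same treatment there (`You searched for record [% id |html %]`) or making sure `id` is validated as numeric before it reaches the template, and extending the test plan in the commit message beyond the search box so the record-id path is exercised too. Also worth a doc note in the commit: Template Toolkit's `html` filter encodes `<`, `>`, `&` and `"`, which is right for this text-node context but is not sufficient on its own for values placed inside JavaScript or unquoted attributes elsewhere in this template.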