]> git.koha-community.org Git - koha.git/commit
Bug 17029: Fix XSS in catalogue/*detail.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 2 Aug 2016 14:46:06 +0000 (15:46 +0100)
committerChris Cormack <chris@bigballofwax.co.nz>
Mon, 22 Aug 2016 19:44:39 +0000 (07:44 +1200)
commit947ddcba9392d9565b03e911dd1d14e5e23e3bc1
treeb7f48f8146657efdaafe4c4e41a0b0d550348fae
parent4c3c2c8ec2dc748e8507ef4d6256b6187b0367c1
Bug 17029: Fix XSS in catalogue/*detail.pl

Hit
  /cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
catalogue/ISBDdetail.pl
catalogue/MARCdetail.pl
catalogue/detail.pl
catalogue/labeledMARCdetail.pl
catalogue/moredetail.pl