git.koha-community.org Git - koha.git/commit
Bug 19086 - Follow-up - XSS in supplier.tt
author Katrin Fischer <katrin.fischer.83@web.de>
Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)
committer Katrin Fischer <katrin.fischer.83@web.de>
Tue, 19 Sep 2017 20:59:03 +0000 (22:59 +0200)
commit f6bb532a9a5448ae1dba1a9b0fdaaa99f1271304
tree 8c70eec5706861b2432a753a9433de6e7d297285
parent 2aac25bb7a8d750d6f234b6f076682ae40158e7c
Bug 19086 - Follow-up - XSS in supplier.tt

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are no longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 14a1aba57cc091a70c527a0d6bd495d21bd87345)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 13147e7c05daa73a4f562541c3a7f8c98747bc83)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
koha-tmpl/intranet-tmpl/prog/en/modules/acqui/supplier.tt