git.koha-community.org Git - koha.git/commit
Bug 14423 : XSS in authorities-home
author Chris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 08:10:20 +0000 (08:10 +0000)
committer Mason James <mtj@kohaaloha.com>
Tue, 23 Jun 2015 03:30:07 +0000 (15:30 +1200)
commit bfa7ae568706ef4c35a0a2130e1366d679b9ef87
tree 5a44109f42636dd8b00fbd097010017a787c40e3
parent f21934e03dac776f12ff598b70152f20be98914c
Bug 14423 : XSS in authorities-home

To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search.inc