]> git.koha-community.org Git - koha.git/commit
Bug 19105 - XSS Stored in holidays.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committerMason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 06:04:42 +0000 (18:04 +1200)
commit505211d6ed08c59bfb3a5e0cd25a756ebb4bf0ca
tree1a84a093ef847fd17d8f129b9f3f14c8e1c48f2e
parent54be404e93b458504f88ab5a456d702d725438d4
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt