]> git.koha-community.org Git - koha.git/commit
Bug 16597: Fix XSS in opac-shareshelf
authorChris Cormack <chrisc@catalyst.net.nz>
Thu, 26 May 2016 09:33:33 +0000 (21:33 +1200)
committerChris Cormack <chrisc@catalyst.net.nz>
Tue, 21 Jun 2016 20:51:22 +0000 (08:51 +1200)
commit592653f067eb7580ab50425756e884b50b551f1c
tree480bfdde35e88901d0a68f5cfbcf02a7af51bed8
parent4f25396332d256d89a0906fcbc9600dcaaaab274
Bug 16597: Fix XSS in opac-shareshelf

To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit c47c835672a8fcd8c7df79663443f01639fc7657)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 8d6486013b504fa652b43b2a20c3bb4da25034fd)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt