]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3bf66eb) | patch
Bug 17038: Fix XSS in catalogue/search.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 3 Aug 2016 12:57:43 +0000 (13:57 +0100)
committerFrédéric Demians <f.demians@tamil.fr>
Tue, 23 Aug 2016 09:39:11 +0000 (11:39 +0200)
commit97f1d825cd4031e0c9077d9d8cf0f0c7f69d894c
tree0fed7b0bdc70f82920373fc0c65eec145655d855tree | snapshot
parent3bf66eb1a1af1f917ffbf3865762cac64bfdbaefcommit | diff
Bug 17038: Fix XSS in catalogue/search.pl

Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b543fa74fe888b9e53cfc06ac58e2f7ac1689ae5)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt diff | blob | history
Main Koha release repository