git.koha-community.org Git - koha.git/commit
Bug 19110 - XSS Stored in branches.pl
author Amit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)
committer Mason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 06:05:07 +0000 (18:05 +1200)
commit 347200ab659a4698e2b147b335650a8d455f7b5b
tree ef6c980430bbff4a16fc9d46738d9067c71779d0
parent ec036698f58c8331d30f279164d55232f7fcbf97
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is executed
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/admin/branches.tt