]> git.koha-community.org Git - koha.git/commit
Bug 16878: Fix XSS in opac-memberentry
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 22 Jul 2016 07:30:54 +0000 (08:30 +0100)
committerJulian Maurice <julian.maurice@biblibre.com>
Wed, 17 Aug 2016 12:53:42 +0000 (14:53 +0200)
commita503a522c2bfa34f8f64af8dbf2ecba8010b5201
tree3eff265db241a2b6f727dfc81bf820e4972a40c6
parenta6d6b953e41641e9bfcfa74598a58bf9d5039743
Bug 16878: Fix XSS in opac-memberentry

The vars are gotten from the url and sent to the template as it. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 9bdea2e3691fd62e777cc974f89b867a69eec9a8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b505c6b7d636f262eadef82984b83b5194438724)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
opac/opac-memberentry.pl