git.koha-community.org Git - koha.git/commit
Bug 13609: Cross Site Scripting problem in authority search result list paging
author Katrin Fischer <katrin.fischer@bsz-bw.de>
Thu, 22 Jan 2015 13:41:09 +0000 (14:41 +0100)
committer Mason James <mtj@kohaaloha.com>
Fri, 23 Jan 2015 06:16:45 +0000 (19:16 +1300)
commit db9a69aa7f25dc929f5f7dc237247a0dbfb517ce
tree c15c993e157c309ee4da435c5d422d41d88794e5
parent 1d45527578ddf7b21da64e9c0bcd73383a29f042
Bug 13609: Cross Site Scripting problem in authority search result list paging

To test:
- Use an installation with a reasonable amount of authorities, so that you can
  have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like the one shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'

URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
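
The test plan above can be expressed as a regression check. This is an added example, not the Koha patch or Koha code. It is written in Python rather than Template Toolkit, and the link layout and function names are assumptions; only the `orderby` value, `op=do_search` and the script name come from the test URL. It renders a paging link with the value copied in verbatim and with it encoded, then parses both.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# orderby value taken from the test URL in the commit message.
ORDERBY = 'HeadingAsc2"><script>prompt(987898)</script>'
BASE = "opac-authorities-home.pl?op=do_search&orderby="


def paging_link_unescaped(orderby):
    # Request value copied into the href verbatim (hypothetical link layout).
    return '<a href="%s%s">next</a>' % (BASE, orderby)


def paging_link_escaped(orderby):
    # Percent-encode for the query string, then HTML-escape for the attribute.
    href = BASE + quote(orderby, safe="")
    return '<a href="%s">next</a>' % escape(href, quote=True)


class TagCollector(HTMLParser):
    """Records every start tag and every anchor href the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href"))


def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.hrefs


def orderby_from_href(href):
    # What the server would receive as orderby when the link is followed.
    return parse_qs(urlsplit(href).query)["orderby"][0]


if __name__ == "__main__":
    print(parse_tags(paging_link_unescaped(ORDERBY))[0])  # extra element appears
    print(parse_tags(paging_link_escaped(ORDERBY))[0])    # only the anchor
```

The round trip through `orderby_from_href` corresponds to the last step of the test plan: the encoded link still carries the same sort value, so paging keeps working.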