git.koha-community.org Git - koha.git/commit

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)
committer	Mason James <mtj@kohaaloha.com>
	Thu, 24 Aug 2017 06:05:07 +0000 (18:05 +1200)
commit	347200ab659a4698e2b147b335650a8d455f7b5b
tree	ef6c980430bbff4a16fc9d46738d9067c71779d0	tree \| snapshot
parent	ec036698f58c8331d30f279164d55232f7fcbf97	commit \| diff

Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>