git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

projects / koha.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 914577f) | patch

author	Amit Gupta <amit.gupta@informaticsglobal.com>
	Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Fri, 29 Sep 2017 15:20:51 +0000 (12:20 -0300)
commit	b90662073ff99d25e0f32156924f79981f9d5707
tree	5a8e2c6c0d454d52b7f3e925ef29ce486b228fb4	tree \| snapshot
parent	914577fdb788b70fdb0979a6ea88ca10e3345796	commit \| diff

Bug 19127: Fix Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

koha-tmpl/intranet-tmpl/prog/en/modules/tools/csv-profiles.tt

diff | blob | history

Main Koha release repository