]> git.koha-community.org Git - koha.git/commit
Bug 14423 : Multiple XSS vulnerabilities in serials-search
authorChris <chris@bigballofwax.co.nz>
Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)
committerMason James <mtj@kohaaloha.com>
Tue, 23 Jun 2015 03:30:08 +0000 (15:30 +1200)
commitf59fbdbef1f79e0940305d7d153ae22121d1004b
tree3bca7e5dd296bf597c0154c7b9a10465b0e40702
parentfce867ca00ca89f5253f909171f108366b33de28
Bug 14423 : Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt