From 98901d27be4cf6fd6210ebb32b9cddf2fcd827a0 Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 21 Jun 2015 08:10:20 +0000
Subject: [PATCH] Bug 14423: XSS in authorities-home

To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
Signed-off-by: Tomas Cohen Arazi
---
 .../intranet-tmpl/prog/en/includes/authorities-search.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search.inc index cbdc939355..433c92703d 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search.inc @@ -58,7 +58,7 @@ [% END %] - + - + - +
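
Review bot: The test plan exercises only the `value` parameter, and the three replaced lines at @@ -58,7 +58,7 in authorities-search.inc line up with the three alert boxes it reports, so nothing here shows whether the other parameters sent in the same request (`type`, `marclist`, `and_or`, `operator`) are echoed unescaped by this include or by the page that pulls it in. Please repeat step 1 with the same test string moved into each of those parameters and record the result in the test plan. The test string begins with `"/>`, which means the value is written inside a double-quoted attribute; if the fix on these three lines is Template Toolkit's `html` filter, note that it encodes `&`, `<`, `>` and `"` but not the single quote, so each of the three attributes has to stay double-quoted for the escaping to hold.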