From a482880352c4e9b363402a83358e1c239fbc1d74 Mon Sep 17 00:00:00 2001 From: Amit Gupta Date: Tue, 15 Aug 2017 14:37:50 +0530 Subject: [PATCH] Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl To Test 1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form 2. Add a text in the field Description that contains js 3. Save the page. 4. Notice js is execute 5. Click on Actions -> MARC structure 6. Apply patch and reload, the js is escaped Fixed for both the pages biblio_framework.pl and marctagstructure.pl Signed-off-by: Katrin Fischer Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart
--- .../prog/en/modules/admin/biblio_framework.tt | 12 ++++++------ .../prog/en/modules/admin/marctagstructure.tt | 18 +++++++++--------- 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt
index 4edc86188f..166663f2d2 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/biblio_framework.tt
@@ -3,7 +3,7 @@ [% IF op == 'add_form' %] › [% IF framework %]Modify framework text[% ELSE %]Add framework[% END %] [% ELSIF op == 'delete_confirm' %]
-› Delete framework for [% framework.frameworktext %] ([% framework.frameworkcode %])?
+› Delete framework for [% framework.frameworktext |html %] ([% framework.frameworkcode %])? [% END %] [% INCLUDE 'doc-head-close.inc' %]
@@ -31,7 +31,7 @@ [% IF op == 'add_form' %] › [% IF framework %]Modify framework text[% ELSE %]Add framework[% END %] [% ELSIF op == 'delete_confirm' %]
-› Delete framework for [% framework.frameworktext %] ([% framework.frameworkcode %])?
+› Delete framework for [% framework.frameworktext |html %] ([% framework.frameworkcode %])? [% END %]
@@ -107,13 +107,13 @@
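Review bot: The escaped line in the `@@ -3,7` hunk (and the identical one in `@@ -31,7`) still emits `[% framework.frameworkcode %]` unfiltered right beside the newly filtered frameworktext, so only one of the two values on the line is covered by the fix. If frameworkcode is also entered through the same add form as the description (the reproduction steps suggest the whole framework record is user-supplied), it needs the same treatment: `Delete framework for [% framework.frameworktext |html %] ([% framework.frameworkcode |html %])?`. The same per-field pattern repeats in the `@@ -107,13` hunk and in `@@ -209,7`, where `[% loo.frameworkcode %]` is left untouched next to the filtered `loo.frameworktext`; applying `|html` to every output of these fields in the template, rather than only to the one reported, would close the remaining sinks in one pass.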
[% IF biblios_use_this_framework %]

This framework cannot be deleted

-

[% framework.frameworktext %] ([% framework.frameworkcode %])

+

[% framework.frameworktext |text %] ([% framework.frameworkcode %])

The framework is used [% biblios_use_this_framework %] times.

[% ELSE %] -

Delete framework for [% framework.frameworktext %] ([% framework.frameworkcode %])?

+

Delete framework for [% framework.frameworktext |html %] ([% framework.frameworkcode %])?
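Review bot: The added line `[% framework.frameworktext |text %]` in the `biblios_use_this_framework` branch of the `@@ -107,13` hunk uses a `text` filter while every other escape in this patch uses `|html`. As far as I can tell Template Toolkit has no built-in `text` filter, so unless the project's template setup registers one, this line will either render the value unescaped (if `text` is a passthrough) or fail with a filter-not-found error at render time; either way the "framework cannot be deleted" branch does not get the escaping the commit intends. Since this is the same user-entered description being escaped elsewhere, suggest changing it to `[% framework.frameworktext |html %]` and grepping the two patched templates for any other `|text` that slipped in. The surrounding markup of this hunk appears to have been stripped in this rendering, so the exact element context could not be verified here.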

@@ -209,7 +209,7 @@ [% FOREACH loo IN frameworks %] [% loo.frameworkcode %] - [% loo.frameworktext %] + [% loo.frameworktext |html %]