]> git.koha-community.org Git - koha.git/commit
Bug 19105 - XSS Stored in holidays.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Tue, 29 Aug 2017 15:00:37 +0000 (12:00 -0300)
commit6b3449627fe53851b92428e57bb12d6c6492e2b9
tree37e6daba0aaf145d6772965dc87f8d694cf35dd8
parentfd44f2fed7415feb8605c94b7c533dcd48d27b15
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/tools/holidays.tt