]> git.koha-community.org Git - koha.git/commit
Bug 19614: Fix XSS in members/pay.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Mon, 13 Nov 2017 03:57:44 +0000 (09:27 +0530)
committerNick Clemens <nick@bywatersolutions.com>
Thu, 21 Dec 2017 12:07:33 +0000 (12:07 +0000)
commite576b89c461c87efc122816fca9f6c3ba08a1833
tree0a1ca8b769da1151a220bd3865fc385b9f91a3e3
parent4333617b1d33b2c7c0488de593c76ac79f4ebf70
Bug 19614: Fix XSS in members/pay.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field firstname, surname that contains js
3. Save the page.
4. click on fine tab
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt