git.koha-community.org Git - koha.git/commit
Bug 13425 - XSS in intranet facets - Patch for 3.18 and master
author Chris Cormack <chrisc@catalyst.net.nz>
Tue, 9 Dec 2014 23:47:30 +0000 (12:47 +1300)
committer Chris Cormack <chrisc@catalyst.net.nz>
Sun, 21 Dec 2014 21:02:30 +0000 (10:02 +1300)
commit 0c8ede31df2b79c3a879e47029308e0808fa6afc
tree 4a26aac0b163caf9162d03deedc9d2296e2044f3
parent ad2c8ef43fadcd5d9b83d625428f7e279990109b
Bug 13425 - XSS in intranet facets - Patch for 3.18 and master

To test:
1/ Craft a URL like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>

It is important that it returns results and facets.

2/ Notice the JS is executed.
3/ Apply the patch, test again.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No prompts, no functional regressions found.
Checked selecting and undoing facets, show more links and paging.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/includes/facets.inc
koha-tmpl/intranet-tmpl/prog/en/includes/page-numbers.inc
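As an added illustration of the class of bug (not the patch's own code, whose hunks are not shown on this page), the Template Toolkit snippet below renders a facet-style link twice with the test plan's sort_by value: once with the parameter interpolated raw, once through TT's uri filter. The link shape is a constructed stand-in for the real facets.inc markup, and whether the patch uses the uri or html filter is not visible here.

```perl
#!/usr/bin/perl
# Added illustration, not the Bug 13425 patch: show why an unfiltered
# [% sort_by %] in a link reflects markup, and how a TT filter stops it.
use strict;
use warnings;
use Template;

# Constructed input: the same sort_by value the commit's test plan uses.
my $vars = {
    query   => 'smith',
    sort_by => q{'"><script>prompt('Happy_Holidays')</script>},
};

# Unfiltered interpolation: the query-string value is copied into the
# href attribute, and therefore into the page, byte for byte.
my $unsafe_tmpl = q{<a href="/cgi-bin/koha/catalogue/search.pl?q=[% query %]&amp;sort_by=[% sort_by %]">Next</a>};

# Filtered interpolation: the uri filter percent-encodes the value so it
# can only ever be a URL parameter, never attribute- or tag-closing markup.
my $safe_tmpl = q{<a href="/cgi-bin/koha/catalogue/search.pl?q=[% query | uri %]&amp;sort_by=[% sort_by | uri %]">Next</a>};

my $tt = Template->new() or die Template->error();

for my $case ( [ 'unfiltered', $unsafe_tmpl ], [ 'uri filter', $safe_tmpl ] ) {
    my ( $label, $tmpl ) = @$case;
    my $out = '';
    $tt->process( \$tmpl, $vars, \$out ) or die $tt->error();

    # The check a reviewer would apply to the rendered output: does a
    # script tag (or a bare quote that could close the attribute) survive?
    my $verdict = $out =~ /<script|["']/ ? 'markup reaches the page' : 'value stays inert';
    print "$label: $verdict\n$out\n\n";
}
```

Run with Template Toolkit installed; the first rendering contains the script tag verbatim, the second contains only percent-encoded characters.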