]> git.koha-community.org Git - koha.git/commit
Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 20 May 2021 06:34:48 +0000 (08:34 +0200)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 26 May 2021 07:26:54 +0000 (09:26 +0200)
commitabf1b6596c39b55b8a929c9c0329d113ea1f72df
tree0ed98dfc603d9316dba457e74a440d73cba80150
parent335382e4553cd8bdd3b8ad07408888a0bae4b111
Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl

== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
opac/opac-shelves.pl