]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c536935) | patch
Bug 38469: Replace single quotes with double quotes to prevent XSS
authorDavid Cook <dcook@prosentient.com.au>
Mon, 18 Nov 2024 04:46:31 +0000 (04:46 +0000)
committerwainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Mon, 17 Feb 2025 22:50:15 +0000 (22:50 +0000)
commit89c6e32ee721b56d70c9433d28eae1ed19af28e1
tree2f3d6e7d2969e3c3ad3c9b3f0d0d1d8892e88be5tree | snapshot
parentc53693523885a5830d12c4f98e3b508643d46dbecommit | diff
Bug 38469: Replace single quotes with double quotes to prevent XSS

This change replaces single quotes with double quotes to prevent XSS
for particular operations on the circ returns page.

Test plan:
0. Apply the patch
1. Go to http://localhost:8081/cgi-bin/koha/circ/returns.pl?print_slip=1&reserve_id=1
2. Note that a pring slip is generated
(you may need to allow popups)

3. To test the XSS is patched, try the proof-of-concept from the
bug report

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt diff | blob | history
Main Koha release repository