]> git.koha-community.org Git - koha.git/commit
Bug 19035 - Stored XSS in lists.pl
authorAmit Gupta <amit.gupta@informaticsglobal.com>
Tue, 15 Aug 2017 03:03:41 +0000 (08:33 +0530)
committerMason James <mtj@kohaaloha.com>
Thu, 24 Aug 2017 06:05:43 +0000 (18:05 +1200)
commitc4dd1876b35f0b9254a5bd195528a5f5dc2bd260
treea9542d124f782fcfea0b52fae4d23ff0fdd43894
parentc6252a3b2e29d04e3e31c006d3b853cfd9082b7a
Bug 19035 - Stored XSS in lists.pl

To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
koha-tmpl/intranet-tmpl/prog/en/modules/patron_lists/list.tt
koha-tmpl/intranet-tmpl/prog/en/modules/patron_lists/lists.tt